parallel-code-review
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- Prompt Injection (LOW): Indirect Prompt Injection Surface.
- Ingestion points: The skill ingests untrusted data via
git diffduring the review process. - Boundary markers: The suggested prompts (e.g.,
Review git diff for security vulnerabilities...) do not use clear delimiters (likexmltags or triple backticks with specific instructions) to isolate the untrusted code diff from the agent's instructions. - Capability inventory: The agent has capabilities to read local files, search/create memory nodes, and spawn sub-agents. A successful injection could theoretically influence the consolidated report or the memory of review decisions.
- Sanitization: No explicit sanitization or instruction to ignore embedded commands within the diff is provided in the templates.
Audit Metadata