reviewing-code
Pass
Audited by Gen Agent Trust Hub on Mar 10, 2026
Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill requires the agent to execute tests within the project directory to verify implementation. This involves running code from the repository which may be untrusted.
- [PROMPT_INJECTION]: The triage process evaluates metadata such as severity and complexity indicators from a task file. This is an ingestion point for untrusted data that could influence the review logic.
- [PROMPT_INJECTION]: The skill processes project source code and passes it to sub-agents, creating an indirect prompt injection surface.
- Ingestion points: .plans//review/NNN-task.md and project source/test files.
- Boundary markers: No delimiters or instructions to ignore embedded commands are specified for the ingested content.
- Capability inventory: Shell command execution (git, project tests) and delegation to sub-agents via the Task tool.
- Sanitization: No sanitization, escaping, or validation of the untrusted project data is described.
Audit Metadata