tasks-code-review
Pass
Audited by Gen Agent Trust Hub on Mar 4, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill exhibits an indirect prompt injection surface due to its interaction with untrusted code data.
- Ingestion points: The agent reads source code via the Read and Grep tools and consumes git metadata using Bash commands such as git diff and git log.
- Boundary markers: There are no explicit instructions or delimiters defined to separate the untrusted data being analyzed from the agent's internal operational instructions.
- Capability inventory: The agent is permitted to use Bash, Write, and Edit tools, which provides a functional path for a successful injection attack to execute commands or modify the repository.
- Sanitization: The skill does not implement or require any sanitization of the content retrieved from the codebase before it is processed by the AI model.
Audit Metadata