skills/fancive/claude-skills/cr/Gen Agent Trust Hub

cr

Pass

Audited by Gen Agent Trust Hub on Mar 7, 2026

Risk Level: SAFE | COMMAND_EXECUTION | PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill executes multiple shell commands to perform environment detection, manage git diffs, and run development tools. It uses 'git' for status and diffing, and executes linters such as 'go vet', 'npm run lint', 'black', and 'ruff'. These commands, particularly 'npm run', can execute arbitrary scripts defined within the repository being reviewed.
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it incorporates external, untrusted data from code diffs directly into a model prompt. Malicious instructions within the code could potentially override the reviewer's instructions.
      • Ingestion points: Code diffs are read from the project directory and stored in temporary files within the '.git/' directory as specified in 'SKILL.md'.
      • Boundary markers: No delimiters or protective instructions are used when passing diff content to the 'claude -p' command; the file content is provided directly as the context for review.
      • Capability inventory: The skill can execute various shell commands through the agent and CLI tools including 'git', 'claude', 'codex', and language-specific build tools.
      • Sanitization: No sanitization, escaping, or validation is performed on the diff content before it is interpolated into the model's prompt.
Audit Metadata
Risk Level: SAFE
Analyzed: Mar 7, 2026, 04:21 PM