Skills
skills/felixwayne0318/aitrader/code-review/Gen Agent Trust Hub

code-review

Pass

Audited by Gen Agent Trust Hub on Apr 14, 2026

Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
  • [SAFE]: The skill operates as a code review tool, analyzing repository content via git and GitHub CLI commands, which is appropriate for its stated purpose.
  • [COMMAND_EXECUTION]: The skill suggests running python3 scripts/smart_commit_analyzer.py for regression checks. This script is expected to be part of the local project repository.
  • [PROMPT_INJECTION]: The skill has an indirect prompt injection surface because it processes untrusted code changes from git diffs and files. 1. Ingestion points: Data enters the context via git diff, gh pr diff, and file reading. 2. Boundary markers: The instructions do not specify delimiters to isolate code content from the agent's instructions. 3. Capability inventory: The skill is capable of reading repository data and executing a local script, but lacks network exfiltration capabilities. 4. Sanitization: No sanitization of the input code is performed before processing.
Audit Metadata
Risk Level
SAFE
Analyzed
Apr 14, 2026, 04:07 AM