code-review
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFEPROMPT_INJECTIONCOMMAND_EXECUTION
Full Analysis
- [PROMPT_INJECTION] (LOW): Indirect Prompt Injection Surface. The skill is designed to process external code review comments from potentially untrusted sources.
- Ingestion points: Code review comments from external/untrusted reviewers (triggered by 'Receiving code review comments from any source').
- Boundary markers: None explicitly defined in the provided markdown file to separate untrusted feedback from system instructions.
- Capability inventory: Access to
gitcommands and the ability to dispatch subagents via aTasktool. - Sanitization: The protocol instructs the agent to 'Verify technically correct' and 'push back if wrong', which serves as a logical check but not a structural sandbox for the prompt content.
- [COMMAND_EXECUTION] (LOW): The skill mandates running shell commands for verification (e.g., 'RUN full command', 'git rev-parse').
- Context: This is the primary intended purpose of the skill (Verification Gates), designed to ensure code quality through tests and builds.
- Risk: While high-privilege, the severity is downgraded to LOW as it is essential for the stated developer-tool functionality and the instructions focus on evidence-based validation rather than arbitrary execution.
Audit Metadata