requesting-code-review

Fail

Audited by Gen Agent Trust Hub on Feb 27, 2026

Risk Level: HIGH
Findings: COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The file code-reviewer.md contains shell commands that interpolate user-provided placeholders directly: git diff --stat {BASE_SHA}..{HEAD_SHA} and git diff {BASE_SHA}..{HEAD_SHA}. If the values provided for {BASE_SHA} or {HEAD_SHA} contain shell metacharacters such as semicolons, pipes, or backticks, an attacker could execute arbitrary commands on the system.
  • [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection because it processes untrusted data without proper isolation.
    • Ingestion points: The subagent ingests untrusted content through the {DESCRIPTION}, {PLAN_OR_REQUIREMENTS}, and {WHAT_WAS_IMPLEMENTED} placeholders, as well as the source code content returned by the git diff command.
    • Boundary markers: The code-reviewer.md template does not use XML tags, triple quotes, or specific delimiters to separate user-provided content from the agent's instructions, nor does it include warnings to ignore instructions found within the reviewed code.
    • Capability inventory: The agent has the ability to execute git commands and provide assessments that dictate the progress of the development workflow.
    • Sanitization: No validation or escaping is performed on the data before it is interpolated into the prompt or used in shell commands.
Recommendations
  • AI detected serious security threats
Audit Metadata
Risk Level: HIGH
Analyzed: Feb 27, 2026, 06:52 PM