code-review

Pass

Audited by Gen Agent Trust Hub on Mar 14, 2026

Risk Level: SAFE
Findings: PROMPT_INJECTION, COMMAND_EXECUTION
Full Analysis
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection through the analysis of untrusted code.
      • Ingestion points: Code is read from the local file system and git history using cat, find, and git diff as described in SKILL.md (Steps 1 and 2).
      • Boundary markers: The prompts used to trigger sub-agents in SKILL.md (Step 3) lack explicit delimiters or "ignore embedded instructions" warnings for the ingested code content.
      • Capability inventory: The skill can execute shell commands (npm, npx, git, bd) and trigger multiple LLM sub-agents via the Task tool.
      • Sanitization: There is no evidence of sanitization or filtering of the code content before it is passed to the sub-agents.
  • [COMMAND_EXECUTION]: The skill executes development tools that can run arbitrary code defined in the project being reviewed.
      • Evidence: SKILL.md invokes npx tsc --noEmit and npm run lint. These tools execute scripts and configurations defined within the project's own package.json or configuration files, which could lead to arbitrary code execution if the repository under review is malicious.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: Mar 14, 2026, 04:33 AM