code-review
Pass
Audited by Gen Agent Trust Hub on Mar 11, 2026
Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill executes several Git commands (
git status,git diff,git ls-files) to identify changes in the repository. Additionally, the 'Verify Issues Are Real' section instructs the agent to 'Run specific tests for issues found', which may involve executing arbitrary code or scripts present in the repository being reviewed. - [PROMPT_INJECTION]: The skill is vulnerable to Indirect Prompt Injection (Category 8). It ingests untrusted data from the codebase being reviewed without adequate safeguards.
- Ingestion points: Reads
README.md,CLAUDE.md, and any changed or new files in the repository (SKILL.md). - Boundary markers: Absent. The instructions do not define delimiters or warnings to ignore embedded instructions in the reviewed files.
- Capability inventory: Executes system commands via Git and potentially executes code via test running.
- Sanitization: Absent. There is no mention of escaping or validating the content of the files before processing.
Audit Metadata