requesting-code-review
Pass
Audited by Gen Agent Trust Hub on Feb 19, 2026
Risk Level: SAFE
PROMPT_INJECTION, COMMAND_EXECUTION
Full Analysis
- [PROMPT_INJECTION] (LOW): Vulnerable to indirect prompt injection. Maliciously crafted input in the requirements or the source code itself could manipulate the subagent's review results.
  * Ingestion points: code-reviewer.md interpolates user-provided text ({DESCRIPTION}, {PLAN_OR_REQUIREMENTS}, {WHAT_WAS_IMPLEMENTED}) and reads local code via the output of git diff.
  * Boundary markers: Absent. There are no clear delimiters separating subagent instructions from external data.
  * Capability inventory: The subagent utilizes git diff, git log, and git rev-parse within both SKILL.md and code-reviewer.md.
  * Sanitization: Absent. Inputs are interpolated directly into the prompt template without escaping or validation.
- [COMMAND_EXECUTION] (SAFE): The skill utilizes standard local git commands (git rev-parse, git diff, git log) to analyze code changes. These operations are within the scope of its primary purpose as a code review tool and do not involve remote execution or high-privilege operations.