requesting-code-review

Pass

Audited by Gen Agent Trust Hub on May 6, 2026

Risk Level: SAFE (flagged: COMMAND_EXECUTION, PROMPT_INJECTION)
Full Analysis
  • [COMMAND_EXECUTION]: The skill instructs the agent to execute shell commands such as git rev-parse, git log, and git diff. These commands use placeholders like {BASE_SHA} and {HEAD_SHA} that are populated at runtime. If those values are sourced from untrusted inputs (e.g., external pull request data) and expanded into a shell command string rather than passed as separate, validated arguments, they are a command injection surface.
  • [PROMPT_INJECTION]: The code-reviewer.md file serves as a prompt template that interpolates external data (such as {WHAT_WAS_IMPLEMENTED} and {PLAN_OR_REQUIREMENTS}) into the instructions for a subagent. This is an indirect prompt injection surface: malicious content in the requirements or implementation description could influence the reviewer subagent's behavior, for example by instructing it to approve the change.
  • Ingestion points: Inputs are accepted into the code-reviewer.md template via several placeholders, including {DESCRIPTION} and {PLAN_REFERENCE}.
  • Boundary markers: The template does not use delimiters or explicit instructions to separate the untrusted content from the system instructions.
  • Capability inventory: The agent can execute shell commands (git diff) and initiate tasks via the subagent superpowers:code-reviewer.
  • Sanitization: There is no evidence of input validation or sanitization for the interpolated strings.
Audit Metadata
Risk Level: SAFE
Analyzed: May 6, 2026, 04:13 PM