ysl-code-reviewer
Pass
Audited by Gen Agent Trust Hub on Feb 26, 2026
Risk Level: SAFE (COMMAND_EXECUTION, PROMPT_INJECTION)
Full Analysis
- [COMMAND_EXECUTION]: The skill executes `git diff` commands to fetch names and contents of modified files. These operations are hardcoded in `SKILL.md` and are necessary for the skill's primary function of reviewing code changes between git branches.
- [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection because it processes untrusted data from external git branches without adequate safeguards.
  - Ingestion points: Data enters the context through the output of `git diff` commands in `SKILL.md`.
  - Boundary markers: The prompt does not utilize delimiters or specific instructions to help the agent distinguish between its system instructions and the untrusted code content being analyzed.
  - Capability inventory: The skill is limited to reading repository information via `git`; it does not have capabilities for persistent file modification or outbound network requests.
  - Sanitization: No validation or sanitization is performed on the code diffs before they are presented to the agent for analysis.
Audit Metadata