code-review
Pass
Audited by Gen Agent Trust Hub on Feb 20, 2026
Risk Level: SAFE
PROMPT_INJECTION
Full Analysis
- Prompt Injection (LOW): The skill is susceptible to indirect prompt injection (Category 8) because it is designed to process untrusted code and comments from pull requests.
  1. Ingestion points: The scripts/review-prep script gathers git diffs, commit logs, and file contents which are then processed by AI agents.
  2. Boundary markers: The system prompts provided in the references/ directory do not include explicit delimiters or instructions to treat analyzed code strictly as data, which increases the risk of the model obeying embedded instructions.
  3. Capability inventory: The skill dispatches review tasks to agents that may have access to tools such as filesystem or shell in the host environment.
  4. Sanitization: There is no evidence of sanitization or escaping of the code content before it is interpolated into the agent's context.
Audit Metadata