skills/i2oland/dotfiles/code-review/Gen Agent Trust Hub

code-review

Pass

Audited by Gen Agent Trust Hub on Mar 5, 2026

Risk Level: SAFE
COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill instructs the agent to use gh pr diff and git diff commands to fetch code changes for analysis. While these are standard tools for code review, they represent command execution capabilities using external and local data.
  • [PROMPT_INJECTION]: The skill contains an indirect prompt injection surface (Category 8) because it analyzes untrusted code changes from external sources without sufficient isolation.
      • Ingestion points: Code changes enter the agent context via gh and git command outputs and direct file reads specified in the Scoping section of SKILL.md.
      • Boundary markers: The prompt templates for the specialized reviewers lack delimiters or explicit instructions to ignore directives that might be embedded within the reviewed code.
      • Capability inventory: The agent has permissions to execute subprocesses and read from the local file system.
      • Sanitization: There is no evidence of sanitization or escaping of the code content before it is processed by the LLM.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: Mar 5, 2026, 03:44 AM