requesting-code-review
Pass
Audited by Gen Agent Trust Hub on Mar 14, 2026
Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection (Category 8). The subagent prompt in
code-reviewer.mdinterpolates untrusted content including code diffs and task descriptions without sanitization or boundary markers. This allows malicious instructions embedded in reviewed files to potentially influence the subagent's assessment.\n - Ingestion points:
code-reviewer.mdprocesses external data from{DESCRIPTION},{PLAN_REFERENCE}, and Git command outputs.\n - Boundary markers: Absent. No specific delimiters or warnings are used to isolate user-provided code from the subagent's system instructions.\n
- Capability inventory: The skill invokes shell commands such as
git diffto analyze code.\n - Sanitization: No validation or escaping is applied to the data before interpolation into the prompt.\n- [COMMAND_EXECUTION]: The skill constructs and executes shell commands (
git rev-parse,git log,git diff) using variable interpolation inSKILL.mdandcode-reviewer.md. This is required for its functionality but introduces a potential injection risk if the commit SHAs or other variables are manipulated.
Audit Metadata