code-review
Pass
Audited by Gen Agent Trust Hub on Mar 14, 2026
Risk Level: SAFE
COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill directs the agent to execute shell commands, including 'git diff' and project-specific test or lint suites like 'npm run test' and 'make check'.
- [PROMPT_INJECTION]: The skill processes untrusted external data, which introduces a surface for indirect prompt injection attacks.
  - Ingestion points: External data enters the context through PR descriptions, linked issues, task specifications, and code diffs as outlined in the review process and scope resolution sections of SKILL.md.
  - Boundary markers: There are no explicit instructions or delimiters defined to separate untrusted external content from agent instructions or to warn the agent to ignore embedded commands.
  - Capability inventory: The skill possesses the capability to execute repository commands and project scripts via the command line.
  - Sanitization: No sanitization, escaping, or validation of the input data from external sources is described in the skill instructions.