code-review
Pass
Audited by Gen Agent Trust Hub on Mar 8, 2026
Risk Level: SAFE | COMMAND_EXECUTION | PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill uses shell execution (denoted by the '!' prefix) to run various git commands and text processing utilities like sed, sort, and uniq to gather repository context.
- [COMMAND_EXECUTION]: In 'Step 1: Determine Diff Scope', the skill identifies that it will use user-provided arguments (such as branch names or commit ranges) to construct and run a git diff command. This represents a potential command injection vector if the input is not sanitized by the underlying agent framework.
- [PROMPT_INJECTION]: The skill is subject to Indirect Prompt Injection risks because it reads and analyzes the full content of changed files in 'Step 2: Build Context'. An adversary could commit code containing hidden instructions designed to manipulate the agent's review logic.
  - Ingestion points: The skill reads the full content of all files identified in the git diff scope.
  - Boundary markers: The instructions do not specify the use of delimiters or protective headers when the agent processes the file contents.
  - Capability inventory: The skill possesses the ability to execute Bash commands (limited to git operations), Read files, and use Grep/Glob tools.
  - Sanitization: No sanitization or filtering of the file content is performed before it is analyzed by the LLM.
Audit Metadata