requesting-code-review
Pass
Audited by Gen Agent Trust Hub on Feb 22, 2026
Risk Level: SAFE PROMPT_INJECTION COMMAND_EXECUTION
Full Analysis
- [PROMPT_INJECTION] (LOW): The skill is susceptible to indirect prompt injection as it ingests untrusted code changes via git diff into the agent context.
  - (1) Ingestion points: Git diff output and implementation descriptions are interpolated into code-reviewer.md.
  - (2) Boundary markers: Absent; there are no instructions to disregard potential commands or instructions found within the code being reviewed.
  - (3) Capability inventory: The agent has access to git commands and the ability to output structured assessments.
  - (4) Sanitization: No sanitization is performed on the diff output or user-provided descriptions.
- [COMMAND_EXECUTION] (LOW): The skill constructs shell commands using placeholders like {BASE_SHA} and {HEAD_SHA} in code-reviewer.md. If these variables are populated with shell metacharacters (e.g., semicolons or pipes), it could lead to unauthorized command execution. While this functionality is central to the skill's purpose, it lacks input validation or escaping.