requesting-code-review
Warn
Audited by Gen Agent Trust Hub on Mar 21, 2026
Risk Level: MEDIUM (COMMAND_EXECUTION, PROMPT_INJECTION)
Full Analysis
- [COMMAND_EXECUTION]: The skill dynamically constructs and suggests the execution of shell commands in `code-reviewer.md` using placeholders like `{BASE_SHA}` and `{HEAD_SHA}`. If these inputs originate from an untrusted source or are not strictly validated, an attacker could provide malicious git references containing shell metacharacters (e.g., `; rm -rf /`) to achieve arbitrary command execution on the host environment.
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it instructs the agent to analyze raw code content fetched via `git diff`. Malicious instructions embedded within the code changes being reviewed (such as in comments or string literals) could confuse or override the agent's instructions, potentially leading to biased or manipulated review outcomes.
  - Ingestion points: The output of `git diff` commands processed by the `code-reviewer.md` template.
  - Boundary markers: Absent. The diff content is provided directly to the agent without clear delimiters or instructions to ignore embedded commands.
  - Capability inventory: The skill utilizes git for repository inspection and executes shell commands.
  - Sanitization: Absent. No mechanisms are provided to sanitize or escape the content of the code changes before they are reviewed by the sub-agent.
Audit Metadata