code-review
Pass
Audited by Gen Agent Trust Hub on Mar 7, 2026
Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill uses several shell commands to perform its functions, specifically
jstar init,jstar review,jstar chat, andgit add. These are part of the core functionality provided by the vendor's toolset. - [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it analyzes external code which may contain untrusted instructions.
- Ingestion points: Local repository files are ingested when the agent runs
git add .followed byjstar revieworjstar review --json. - Boundary markers: There are no explicit delimiters or warnings instructed to the agent to ignore instructions embedded within the code being reviewed.
- Capability inventory: The agent has the capability to execute shell commands (
jstar,git) and read/write files as part of the fix cycle. - Sanitization: No explicit sanitization or validation of the code content is mentioned before it is processed by the review logic.
Audit Metadata