code-review
Pass
Audited by Gen Agent Trust Hub on Mar 20, 2026
Risk Level: SAFE
COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill processes untrusted external data from pull request diffs and source code files, creating a surface for indirect prompt injection.
- Ingestion points: Pull request URLs/numbers and local file paths as specified in SKILL.md.
- Boundary markers: The skill lacks specific delimiters or instructions to ignore or isolate potential instructions embedded within the code, comments, or diffs being reviewed.
- Capability inventory: The skill is authorized to execute `git diff HEAD` and read local file contents.
- Sanitization: There is no evidence of sanitization or validation performed on the ingested content to prevent embedded instructions from influencing agent behavior.
- [COMMAND_EXECUTION]: The skill executes the shell command `git diff HEAD` to retrieve changes from the local repository. This is a direct interaction with the host system's command line interface.
Audit Metadata