code-review
Pass
Audited by Gen Agent Trust Hub on Mar 11, 2026
Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill executes the local script
scripts/collect_review_context.sh. This script uses standardgitcommands to collect staged changes or diffs against the main branch for review. This is legitimate behavior for a development tool. - [PROMPT_INJECTION]: The skill possesses a surface for indirect prompt injection because it ingests and processes untrusted data (code diffs) which could contain embedded malicious instructions intended to manipulate the reviewing agents.
- Ingestion points: Git diff content and file lists collected by
scripts/collect_review_context.shas described inSKILL.md. - Boundary markers: Absent; there are no specific instructions or delimiters provided to the subagents to distinguish between code content and system instructions.
- Capability inventory: Execution of local shell scripts via the context gathering step.
- Sanitization: Absent; the skill does not implement any filtering or escaping for the code content before it is processed by the agents.
Audit Metadata