reviewer
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFECOMMAND_EXECUTION
Full Analysis
- COMMAND_EXECUTION (LOW): The skill is granted access to the
Bashtool and is explicitly instructed to executegit diffto retrieve code for analysis. This is a legitimate and necessary function for a code review agent in a developer environment. - INDIRECT_PROMPT_INJECTION (LOW): The skill is susceptible to indirect prompt injection because it processes content from external files that could be controlled by an attacker.
- Ingestion points: Content is ingested through the output of
git diffand the reading of project files such asCLAUDE.md,pyproject.toml, and other source files. - Boundary markers: Absent. The instructions do not define clear delimiters or provide the model with specific warnings to ignore instructions found within the code or comments it reviews.
- Capability inventory: The skill possesses powerful capabilities including
Bashexecution,Read(file access),Grep, andGlob(filesystem discovery). - Sanitization: Absent. The skill does not sanitize or filter the content of the files it reads before processing them.
Audit Metadata