Skills
skills/krosebrook/source-of-truth-monorepo/requesting-code-review/Gen Agent Trust Hub

requesting-code-review

Fail

Audited by Gen Agent Trust Hub on Feb 16, 2026

Risk Level: HIGHPROMPT_INJECTIONCOMMAND_EXECUTION
Full Analysis
  • [Indirect Prompt Injection] (HIGH): The skill facilitates the ingestion of untrusted external content (implementation details and project requirements) to be processed by a secondary AI agent (code-reviewer).
  • Ingestion points: Content is pulled via {WHAT_WAS_IMPLEMENTED} and {PLAN_OR_REQUIREMENTS} variables in SKILL.md.
  • Boundary markers: Absent. The skill provides no instructions for delimiting or escaping these inputs to prevent them from containing instructions that override the reviewer subagent.
  • Capability inventory: Uses shell execution (git commands) and has high influence over the development workflow (can block or allow merges based on subagent assessment).
  • Sanitization: None. The content is directly passed to the subagent template.
  • [Command Execution] (LOW): The skill uses local shell commands (git rev-parse, git log, grep, awk) to extract commit information. While these are standard tools, they confirm the agent's ability to execute shell commands based on its instructions.
Recommendations
  • AI detected serious security threats
Audit Metadata
Risk Level
HIGH
Analyzed
Feb 16, 2026, 01:11 PM