requesting-code-review

Warn

Audited by Gen Agent Trust Hub on Feb 17, 2026

Risk Level: MEDIUM (COMMAND_EXECUTION, PROMPT_INJECTION)
Full Analysis
  • COMMAND_EXECUTION (MEDIUM): In code-reviewer.md, the placeholders {BASE_SHA} and {HEAD_SHA} are interpolated directly into a bash command block (git diff {BASE_SHA}..{HEAD_SHA}). A malicious user or a compromised plan could provide SHAs containing shell metacharacters (e.g., ; rm -rf /) to achieve arbitrary command execution.
  • PROMPT_INJECTION (LOW): The skill is vulnerable to indirect prompt injection (Category 8).
      • Ingestion points: The {DESCRIPTION} and {PLAN_OR_REQUIREMENTS} placeholders in code-reviewer.md ingest data from potentially untrusted sources.
      • Boundary markers: Absent. The placeholders are placed directly into the subagent instructions without delimiters or 'ignore' instructions.
      • Capability inventory: The subagent can execute shell commands (git diff) and perform analysis based on the provided text.
      • Sanitization: Absent. No logic exists to strip shell metacharacters or instruction-like text from the interpolated variables.
Audit Metadata
  • Risk Level: MEDIUM
  • Analyzed: Feb 17, 2026, 06:49 PM