requesting-code-review

Warn

Audited by Gen Agent Trust Hub on Feb 17, 2026

Risk Level: MEDIUM | PROMPT_INJECTION | COMMAND_EXECUTION
Full Analysis
  • [Indirect Prompt Injection] (MEDIUM): The skill establishes a workflow where untrusted external data (project plans, requirements, and implementation descriptions) is ingested and used to influence the behavior of a subagent.
      • Ingestion points: Data is pulled from file paths like docs/plans/deployment-plan.md and user-provided descriptions.
      • Boundary markers: The skill lacks any instructions to wrap this external content in delimiters or to warn the subagent against embedded instructions.
      • Capability inventory: The resulting output ('Assessment: Ready to proceed') directly influences the agent's decision to continue tasks or merge code, which are side-effect operations.
      • Sanitization: No sanitization of the {PLAN_OR_REQUIREMENTS} or {DESCRIPTION} variables is performed before interpolation.
  • [Command Execution] (LOW): The skill utilizes local shell commands to extract Git metadata.
      • Evidence: Use of git rev-parse, git log, and awk to determine commit SHAs.
      • Context: These are standard operations for a development-focused skill and do not involve remote execution or elevated privileges.
Audit Metadata
Risk Level: MEDIUM
Analyzed: Feb 17, 2026, 12:00 AM