skills/linct96/ai/code-review/Gen Agent Trust Hub

code-review

Pass

Audited by Gen Agent Trust Hub on Mar 10, 2026

Risk Level: SAFE
Full Analysis
  • [PROMPT_INJECTION]: The skill processes untrusted code and git diff outputs, which constitutes a surface for indirect prompt injection. Evidence chain:
      1) Ingestion points: git diff and file search outputs (SKILL.md);
      2) Boundary markers: Present as markdown code block templates in the output format;
      3) Capability inventory: Subprocess calls to git, rg, and grep (SKILL.md);
      4) Sanitization: Absent.
    This risk is inherent to the primary purpose of a code review tool and is mitigated by the lack of high-risk capabilities like network access.
  • [COMMAND_EXECUTION]: The skill utilizes git status, git diff, rg, and grep to inspect the local codebase. These commands are executed to gather context for the review process and are consistent with the skill's stated functionality.
Audit Metadata
Risk Level: SAFE
Analyzed: Mar 10, 2026, 07:39 AM