requesting-code-review
Pass
Audited by Gen Agent Trust Hub on Mar 25, 2026
Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill instructions and templates utilize shell commands, specifically
git rev-parse,git log, andgit diff, to programmatically retrieve commit identifiers and extract source code changes for the review process.\n- [PROMPT_INJECTION]: The code review subagent processes repository content (git diffs) and task metadata that are interpolated directly into thecode-reviewer.mdtemplate. This architecture allows for indirect prompt injection if malicious instructions are embedded within the code being reviewed or the task descriptions.\n - Ingestion points: Git diff output and template variables (
{DESCRIPTION},{PLAN_OR_REQUIREMENTS}) incode-reviewer.md.\n - Boundary markers: The template does not utilize specific delimiters or isolation warnings to differentiate between system instructions and the untrusted data being analyzed.\n
- Capability inventory: The subagent is authorized to read local repository files and execute git-related shell commands.\n
- Sanitization: No input validation, escaping, or filtering is performed on the code content or descriptions before they are processed by the LLM.
Audit Metadata