react-review
Pass
Audited by Gen Agent Trust Hub on Apr 14, 2026
Risk Level: SAFEPROMPT_INJECTIONCOMMAND_EXECUTION
Full Analysis
- [PROMPT_INJECTION]: The skill is susceptible to Indirect Prompt Injection because it analyzes untrusted code from the project repository. If the code being reviewed contains malicious instructions (e.g., in comments or string literals), the agent might inadvertently follow them during the review process.
- Ingestion points: Reads code content from files and git history via git commands and cat in SKILL.md.
- Boundary markers: Absent; there are no instructions to treat the analyzed code as untrusted data or delimiters used for code interpolation.
- Capability inventory: The skill can read local files, execute git commands, and write changes back to the filesystem to apply fixes as described in Step 5.
- Sanitization: Absent.
- [COMMAND_EXECUTION]: The skill instructs the agent to use user-supplied input (like branch names or commit hashes) directly in shell commands, such as 'git diff ..HEAD'. This presents a risk of argument injection if the input is not strictly validated or sanitized by the agent platform before execution.
Audit Metadata