review
Pass
Audited by Gen Agent Trust Hub on Mar 28, 2026
Risk Level: SAFE, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [SAFE]: The skill's primary function is technical code review, which is a legitimate development workflow. It focuses on validating implementation consistency against upstream documents.
- [COMMAND_EXECUTION]: The skill instructs the agent to use `git diff` for comparing branches or commit ranges. This is a standard local repository operation and does not involve executing arbitrary shell commands from untrusted inputs.
- [DATA_EXFILTRATION]: The skill does not perform any network operations or external data transmissions. Its activities are confined to reading local project files and updating a `pipeline.md` file to track review status.
- [PROMPT_INJECTION]: The skill possesses an indirect prompt injection surface as it processes external data such as code comments and issue descriptions.
  - Ingestion points: Documentation files (`prd.md`, `spec.md`, `tdd.md`), issue tracker files, and source code being reviewed.
  - Boundary markers: Absent; the instructions do not define specific delimiters for separating untrusted code content from the agent's instructions.
  - Capability inventory: File system read/write (updating `pipeline.md`) and `git diff` execution.
  - Sanitization: None identified; the skill relies on the LLM's internal safety guardrails to differentiate between implementation code and operational instructions.
Audit Metadata