review
Pass
Audited by Gen Agent Trust Hub on Apr 15, 2026
Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [Command Construction]: The skill builds git commands using user-provided branch names from the arguments field. While this is standard for a code review tool, it creates a potential surface where malformed input could lead to unintended command execution in the local shell environment.
- [Indirect Prompt Injection]: The skill processes external data entering the context through git diffs and source file reads (Step 3). These ingestion points do not use explicit boundary markers or sanitization to separate code from instructions. Given the skill's capabilities (executing git commands, writing files to /tmp, and spawning sub-agents), maliciously crafted code comments could theoretically attempt to influence the agent's analysis or output.
- [Local File Interaction]: The skill consolidates findings and writes them to /tmp/review-report.md. This involves standard local file system access for reporting purposes.
- [Sub-agent Orchestration]: The orchestrator spawns 'Breaker' and 'API Analyst' sub-agents, passing them repository content to perform deep correctness and architectural reviews in parallel.
Audit Metadata