code-review
Pass
Audited by Gen Agent Trust Hub on Mar 14, 2026
Risk Level: SAFECOMMAND_EXECUTION
Full Analysis
- [COMMAND_EXECUTION]: The skill executes local git commands such as
git fetch,git pull, andgit diffto analyze the repository. These operations are restricted to identifying code changes and commit history for the purpose of the review. - [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it ingests untrusted code content from the repository being reviewed. An attacker could potentially embed instructions in comments or strings within the code to influence the agent's behavior. Ingestion points: Codebase files and git diff outputs (SKILL.md). Boundary markers: Not explicitly defined in the prompt instructions. Capability inventory: Shell command execution via git (SKILL.md). Sanitization: No validation or filtering of the analyzed code is performed.
Audit Metadata