Skills
skills/mrclrchtr/superpowers-extended-cc/requesting-code-review/Gen Agent Trust Hub

requesting-code-review

Pass

Audited by Gen Agent Trust Hub on May 6, 2026

Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill uses bash commands to retrieve git commit hashes and generate diffs for the review process.\n- [PROMPT_INJECTION]: The skill exhibits a surface for indirect prompt injection (Category 8) because it interpolates external strings (implementation descriptions and plan references) into the reviewer subagent's prompt.\n
  • Ingestion points: The template in code-reviewer.md uses {DESCRIPTION}, {PLAN_REFERENCE}, and the contents of git commits.\n
  • Boundary markers: Absent.\n
  • Capability inventory: Access to the local git repository and file system.\n
  • Sanitization: No sanitization or validation of variables is performed before interpolation.
Audit Metadata
Risk Level
SAFE
Analyzed
May 6, 2026, 11:48 PM