requesting-code-review

Pass

Audited by Gen Agent Trust Hub on Feb 23, 2026

Risk Level: SAFE | COMMAND_EXECUTION | PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION] (LOW): The skill is designed to run build and test commands like 'npm test' or 'pytest'. While necessary for its core function, these commands could be exploited to run malicious code if the project files being reviewed are compromised.
  • [PROMPT_INJECTION] (LOW): The skill exhibits an attack surface for Indirect Prompt Injection (Category 8) by processing external project documentation.
    1. Ingestion points: proposal.md, tasks.md, design.md, spec.md.
    2. Boundary markers: None identified.
    3. Capability inventory: Execution of build, test, and linting tools via shell.
    4. Sanitization: None identified.
Audit Metadata
Risk Level: SAFE
Analyzed: Feb 23, 2026, 05:28 AM