code-review
Pass
Audited by Gen Agent Trust Hub on Feb 28, 2026
Risk Level: SAFE (PROMPT_INJECTION, DATA_EXFILTRATION, COMMAND_EXECUTION)
Full Analysis
- [PROMPT_INJECTION]: The skill analyzes untrusted source code and git diffs, creating a surface for indirect prompt injection where malicious instructions embedded in the code could influence the agent's review or confidence scoring.
  - Ingestion points: Reads code files via glob/grep and staged changes via git diff.
  - Boundary markers: Absent; code content is passed to analysis agents without explicit delimiters or instructions to ignore embedded instructions.
  - Capability inventory: Executes shell commands (glob, grep, git blame) and invokes sub-skills (/review-comments, /test, second-opinion).
  - Sanitization: None; raw file contents and diffs are processed directly.
- [DATA_EXFILTRATION]: When the --multi flag is used, the skill transmits repository diffs to Gemini and Codex via the second-opinion tool to provide cross-model consensus. This facilitates sharing local code with well-known external AI services as a documented feature.
- [COMMAND_EXECUTION]: Utilizes local command-line tools including git, glob, and grep to identify relevant code files and retrieve historical development context via git blame.