subagent-review
Pass
Audited by Gen Agent Trust Hub on Mar 27, 2026
Risk Level: SAFE
Full Analysis
- [PROMPT_INJECTION]: The skill exhibits a surface for indirect prompt injection as it ingests and processes code content to provide automated reviews.
- Ingestion points: Code changes are read using
git diffduring the identification phase and passed to subagents for analysis. - Boundary markers: The instructions do not define specific delimiters or instructions to the subagents to ignore or isolate instructions that may be embedded within the code being reviewed (e.g., in comments or string literals).
- Capability inventory: The skill instructs the agent to "Fix any issues found," though the
allowed-toolsconfiguration is restricted toRead,Grep,Glob, and specificBashpatterns (git), which limits the potential impact of a successful injection compared to an agent with unrestricted shell access. - Sanitization: There is no evidence of sanitization, filtering, or validation applied to the ingested code content before it is processed by the agent models.
Audit Metadata