requesting-code-review

Pass

Audited by Gen Agent Trust Hub on Feb 21, 2026

Risk Level: SAFE
Findings: COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION] (LOW): The skill executes local git commands (e.g., git rev-parse, git diff, git log) to identify changes and perform reviews. While this involves shell interaction, it is the primary purpose of the skill and restricted to git operations.
  • [PROMPT_INJECTION] (LOW): Detected Indirect Prompt Injection surface (Category 8). The subagent template in code-reviewer.md ingests untrusted data from external plans and descriptions into the LLM prompt without sanitization or boundary markers.
  • Category 8 Evidence Chain:
      • Ingestion points: code-reviewer.md via variables {WHAT_WAS_IMPLEMENTED}, {PLAN_OR_REQUIREMENTS}, and {DESCRIPTION}.
      • Boundary markers: Absent; data is placed directly under markdown headers.
      • Capability inventory: Shell command execution via git as defined in both SKILL.md and code-reviewer.md.
      • Sanitization: Absent; the skill relies on the agent to interpolate raw strings provided by the user or previous tasks.
Audit Metadata
Risk Level: SAFE
Analyzed: Feb 21, 2026, 01:26 PM