requesting-code-review

Pass

Audited by Gen Agent Trust Hub on Mar 3, 2026

Risk Level: SAFE
Finding categories: PROMPT_INJECTION, COMMAND_EXECUTION
Full Analysis
  • [PROMPT_INJECTION]: The skill uses a Task tool template that interpolates untrusted data into a subagent prompt, creating a surface for indirect prompt injection. If an attacker controls the content of the implementation plan or git commit messages, they could influence the subagent's behavior.
  • Ingestion points: Variable placeholders {WHAT_WAS_IMPLEMENTED}, {PLAN_OR_REQUIREMENTS}, and {DESCRIPTION} in the Task tool template within SKILL.md.
  • Boundary markers: The template uses Markdown headers and backticks for isolation, but lacks specific instructions for the agent to ignore potentially malicious embedded directives in the data fields.
  • Capability inventory: The agent has access to Bash, Read, and Task tools, which could be exploited if an injection succeeds.
  • Sanitization: No input validation, escaping, or filtering of external content is performed before interpolation.
  • [COMMAND_EXECUTION]: The Task tool template in SKILL.md instructs the agent to run bash commands (git diff {BASE_SHA}..{HEAD_SHA}) using user-supplied parameters. This represents a command injection risk if the {BASE_SHA} or {HEAD_SHA} variables are populated with shell metacharacters (e.g., ;, &&, |).
Audit Metadata
Risk Level
SAFE
Analyzed
Mar 3, 2026, 07:50 AM