code-reviewer
Pass
Audited by Gen Agent Trust Hub on Feb 28, 2026
Risk Level: SAFEPROMPT_INJECTIONCOMMAND_EXECUTION
Full Analysis
- [PROMPT_INJECTION]: The skill possesses a surface for indirect prompt injection due to how it handles external project data. Ingestion points: The agent reads git diff output and project files using tools like Read, Glob, and Grep (SKILL.md). Boundary markers: There are no explicit instructions or delimiters provided to ensure the agent ignores instructions embedded within the code it reviews. Capability inventory: The agent has access to high-privilege tools including Bash for shell command execution and TodoWrite for file modification. Sanitization: No sanitization or validation of the ingested code content is performed prior to processing.
- [COMMAND_EXECUTION]: The skill leverages the Bash tool to perform its primary functions, such as analyzing git changes and searching the codebase. While this is necessary for its functionality, the ability to execute arbitrary shell commands significantly increases the potential impact if the agent is compromised via indirect prompt injection.
Audit Metadata