Skills
skills/pcvelz/superpowers/requesting-code-review/Gen Agent Trust Hub

requesting-code-review

Pass

Audited by Gen Agent Trust Hub on Feb 22, 2026

Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION] (SAFE): The skill uses git rev-parse, git log, and git diff to identify and compare commit ranges. These are safe, read-only operations performed on the local workspace.
  • [PROMPT_INJECTION] (LOW): The skill presents a surface for indirect prompt injection (Category 8) as it processes untrusted code changes from git diffs.
  • Ingestion points: File code-reviewer.md ingests untrusted code via git diffs and user-provided placeholders like {DESCRIPTION} and {PLAN_REFERENCE}.
  • Boundary markers: Absent. The diff content and descriptions are not wrapped in security delimiters or 'ignore' instructions.
  • Capability inventory: The subagent can execute git commands and generate review reports.
  • Sanitization: Absent. The subagent is instructed to directly analyze and summarize the provided code changes.
Audit Metadata
Risk Level
SAFE
Analyzed
Feb 22, 2026, 03:55 PM