requesting-code-review
Pass
Audited by Gen Agent Trust Hub on Feb 26, 2026
Risk Level: SAFE
Full Analysis
- [COMMAND_EXECUTION]: The skill uses standard
gitcommands (git rev-parse,git log,git diff) to determine commit ranges and extract code changes. These commands are executed locally within the repository and are necessary for the skill's intended purpose of code review. - [PROMPT_INJECTION]: The skill contains an attack surface for indirect prompt injection as it processes untrusted data (the code being reviewed) through
git diffoutput. - Ingestion points: The
{BASE_SHA}..{HEAD_SHA}diff output is ingested into the code-reviewer subagent context via thecode-reviewer.mdtemplate. - Boundary markers: No explicit delimiters or instructions to ignore embedded prompts in the code are present in the template.
- Capability inventory: The skill uses
gitcommands and dispatches a subagent; it does not perform network operations or unsafe file writes. - Sanitization: No sanitization of the diff output is performed.
- Risk Assessment: The risk is assessed as LOW because the reviewer agent is provided with a highly structured checklist and specific output format, which naturally constrains its behavior despite the ingestion of untrusted code comments.
- [DATA_EXFILTRATION]: No network operations or access to sensitive credentials (SSH keys, AWS tokens) were detected. The SHAs used are public identifiers within the git environment.
- [EXTERNAL_DOWNLOADS]: The skill does not download external scripts or packages from remote sources.
Audit Metadata