code-review
Pass
Audited by Gen Agent Trust Hub on Apr 9, 2026
Risk Level: SAFEDATA_EXFILTRATIONCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [DATA_EXFILTRATION]: The skill transmits source code diffs and requirement documents to external AI providers via the
external_reviewtool. This exposes sensitive project data to third-party systems as part of its core functionality. - [COMMAND_EXECUTION]: The skill executes shell-based git commands (such as
git rev-parseandgit diff) using variable interpolation. This pattern presents a potential risk if the repository metadata or environmental variables are manipulated by an attacker to include unintended shell sequences. - [PROMPT_INJECTION]: The reviewer subagent processes untrusted content from
git diffoutput. This is a vector for indirect prompt injection, as malicious instructions embedded in code comments or strings could influence the agent's behavior or verdict. The current implementation (incode-reviewer.md) lacks explicit boundary markers or sanitization for this external data, which is processed by a general-purpose subagent with broad tool access.
Audit Metadata