Skills
skills/schlenks/superpowers-bd/requesting-code-review/Gen Agent Trust Hub

requesting-code-review

Pass

Audited by Gen Agent Trust Hub on Mar 14, 2026

Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill executes git rev-parse, git log, and git diff to identify commit ranges and extract code changes for analysis. These commands are necessary for the skill's stated purpose.
  • [PROMPT_INJECTION]: The subagent processes git diffs and requirements files which are external ingestion points. This creates a surface for indirect prompt injection where malicious instructions could be embedded in the code under review or in documentation to manipulate the reviewer's verdict.
  • Ingestion points: Git diff output and the file path specified in {PLAN_OR_REQUIREMENTS} (processed in code-reviewer.md).
  • Boundary markers: None; the agent is instructed to read the full content without explicit 'ignore embedded instructions' delimiters.
  • Capability inventory: Local file system access and git command execution.
  • Sanitization: No filtering or sanitization of the analyzed text is implemented.
Audit Metadata
Risk Level
SAFE
Analyzed
Mar 14, 2026, 10:11 AM