code-review
Pass
Audited by Gen Agent Trust Hub on Apr 4, 2026
Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: Runs local shell commands for builds, tests, and linting (
bun test,npm run build,bun run lint,bunx tsc). These are standard developer operations performed on the local filesystem. - [COMMAND_EXECUTION]: Uses
git rev-parseandgit logto programmatically determine commit ranges for subagent-driven review tasks. - [PROMPT_INJECTION]: Establishes strict behavioral instructions, such as the "Forbidden Responses" and "Iron Law" of verification, to override default AI conversational patterns and ensure technical rigor.
- [PROMPT_INJECTION]: Manages the ingestion of untrusted data from external code reviewers as an indirect prompt injection surface. The skill mitigates this through a mandatory verification protocol.
- Ingestion points: External reviewer feedback and comments (SKILL.md, references/code-review-reception.md).
- Boundary markers: Conceptual workflow isolation (READ -> UNDERSTAND -> VERIFY) without technical delimiters.
- Capability inventory: Local shell execution (npm, bun, git) and internal task delegation (Task tool).
- Sanitization: Requires evidence from fresh verification command outputs before accepting or claiming completion of external suggestions.
Audit Metadata