convention-code-review
Pass
Audited by Gen Agent Trust Hub on Mar 5, 2026
Risk Level: SAFE
COMMAND_EXECUTION, PROMPT_INJECTION, NO_CODE
Full Analysis
- [COMMAND_EXECUTION]: The workflow defined in SKILL.md (Steps 1 and 2) explicitly instructs the agent to execute local git commands, such as `git diff --cached` and `git diff main..HEAD`, to retrieve the code changes for review. These are intended as read-only operations on the local repository.
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because its core function involves processing and analyzing untrusted data from a repository's source code and git history.
  * Ingestion points: Code changes obtained via `git diff` and file contents read directly from the repository.
  * Boundary markers: The instructions lack explicit delimitation or 'ignore' instructions for the code being reviewed, which could lead the agent to accidentally follow instructions embedded in a malicious pull request.
  * Capability inventory: The agent is empowered to execute `git` commands and read local files.
  * Sanitization: There is no defined process for sanitizing the input code before it is interpreted by the agent.
- [NO_CODE]: The skill consists solely of Markdown files (SKILL.md and 29 reference files) providing instructions and guidelines; no executable scripts (.py, .js, .sh, etc.) are included in the skill package.
Audit Metadata