Skills
skills/shhac/skills/multi-review/Gen Agent Trust Hub

multi-review

Pass

Audited by Gen Agent Trust Hub on Mar 18, 2026

Risk Level: SAFEPROMPT_INJECTIONCOMMAND_EXECUTION
Full Analysis
  • [PROMPT_INJECTION]: The skill processes untrusted code diffs and file contents, creating an attack surface for indirect prompt injection where malicious instructions could be embedded in the code under review.
  • Ingestion points: Git diff output (Phase 1) and file contents read for review.
  • Boundary markers: The skill explicitly implements boundary delimiters (=== BEGIN UNTRUSTED CODE FOR REVIEW ===) and directives to reviewers to treat enclosed content as data only.
  • Capability inventory: Spawns sub-agents (TeamCreate, TaskCreate), sends messages, and executes local shell commands (git diff, mktemp).
  • Sanitization: Uses explicit isolation markers and clear instructions to ignore instructions found within the code block.
  • [COMMAND_EXECUTION]: The skill executes local commands like git diff to identify changes and mktemp to manage temporary files for large diffs. These commands are necessary for its primary functionality and do not involve remote code execution or privilege escalation.
Audit Metadata
Risk Level
SAFE
Analyzed
Mar 18, 2026, 12:13 AM