Skills
skills/shingle2302/superpowers/requesting-code-review/Gen Agent Trust Hub

requesting-code-review

Pass

Audited by Gen Agent Trust Hub on Feb 26, 2026

Risk Level: SAFEPROMPT_INJECTIONCOMMAND_EXECUTION
Full Analysis
  • [PROMPT_INJECTION]: The code-reviewer.md template is vulnerable to indirect prompt injection because it interpolates untrusted data into its instruction set without using delimiters or sanitization.
  • Ingestion points: The placeholders {DESCRIPTION} and {PLAN_REFERENCE} in code-reviewer.md are designed to ingest content from external sources such as project plans or task descriptions.
  • Boundary markers: No delimiters (like XML tags or markdown blocks) or instructions to ignore embedded commands are present to separate the untrusted data from the agent's core instructions.
  • Capability inventory: The agent has the capability to execute shell commands (git) and provide technical assessments that influence the development workflow.
  • Sanitization: There is no evidence of validation or sanitization of the content before it is interpolated into the prompt.
  • [COMMAND_EXECUTION]: The skill uses local shell commands to perform Git operations required for code review.
  • Evidence: SKILL.md and code-reviewer.md contain commands such as git rev-parse, git log, and git diff which use variables (like {BASE_SHA}) to determine the range of code to be analyzed.
Audit Metadata
Risk Level
SAFE
Analyzed
Feb 26, 2026, 12:03 PM