code-reviewer
Warn
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: MEDIUMCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION] (LOW): The skill invokes
git --no-pager diffto retrieve source code changes. This is a standard system command and appropriate for the skill's stated purpose, though it does grant the agent access to the local filesystem's version history. - [PROMPT_INJECTION] (MEDIUM): The skill is susceptible to Indirect Prompt Injection (Category 8) because it ingests and processes untrusted external content (the code being reviewed) and incorporates it into its reasoning process.
- Ingestion points: The skill uses
git --no-pager diffto pull external code into the LLM context (SKILL.md). - Boundary markers: None. There are no delimiters or instructions to ignore embedded commands within the diff output.
- Capability inventory: The skill executes system commands (
git) and generates high-influence feedback for developers. - Sanitization: None. The skill does not filter or sanitize the content of the code changes before analysis.
Audit Metadata