requesting-review
Pass
Audited by Gen Agent Trust Hub on Feb 21, 2026
Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- Indirect Prompt Injection (LOW): The skill processes untrusted data (git diffs and implementation descriptions) without boundary markers, creating a risk that instructions embedded in the reviewed code could influence subagent behavior. Ingestion points: placeholders in code-reviewer.md and output from git diff. Boundary markers: Absent. Capability inventory: Execution of git commands and local file access. Sanitization: Absent.
- Dynamic Execution (LOW): The skill dynamically assembles shell commands using the git diff {BASE_SHA}..{HEAD_SHA} pattern. This presents a command injection surface if the SHA variables are populated with malicious strings containing shell metacharacters. Severity is lowered as this mechanism is essential to the skill's primary purpose.
Audit Metadata