Skills
skills/sirn/dotfiles/code-review/Gen Agent Trust Hub

code-review

Pass

Audited by Gen Agent Trust Hub on Mar 9, 2026

Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill invokes the jj (Jujutsu) CLI tool to retrieve code changes and file structures. Specifically, it executes jj diff -s and jj diff -- [path] to gather context for the review process.
  • [PROMPT_INJECTION]: The skill exhibits a surface for indirect prompt injection, as it reads external source code and incorporates it directly into the agent's reasoning context.
  • Ingestion points: Untrusted data is ingested via jj diff commands in SKILL.md and SUBAGENT.md.
  • Boundary markers: Absent. The skill does not wrap the ingested code in delimiters or provide instructions to the agent to ignore any commands embedded within the code.
  • Capability inventory: The agent can execute CLI commands (jj), access the web via WebSearch/WebFetch, and orchestrate sub-tasks using a Task tool.
  • Sanitization: No sanitization or filtering is applied to the source code before it is processed by the main agent or the sub-agents.
Audit Metadata
Risk Level
SAFE
Analyzed
Mar 9, 2026, 07:29 PM