code-review-expert
Pass
Audited by Gen Agent Trust Hub on Mar 5, 2026
Risk Level: SAFEPROMPT_INJECTIONCOMMAND_EXECUTION
Full Analysis
- [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection as it ingests and processes untrusted code content from git repositories.
- Ingestion points: Repository content and diffs are read via 'git diff', 'rg', and 'grep' (SKILL.md Step 1).
- Boundary markers: The skill lacks explicit delimiters or warnings to ignore instructions embedded within the code being analyzed.
- Capability inventory: The skill utilizes shell commands ('git', 'rg', 'grep') and has the capability to write to the filesystem when 'implementing suggested fixes' as described in its workflow (SKILL.md Step 7).
- Sanitization: No sanitization or validation is applied to the code data before it is processed by the agent.
- [COMMAND_EXECUTION]: The skill executes local commands to analyze the repository state.
- Evidence: The workflow explicitly calls for 'git status', 'git diff', 'rg', and 'grep' to scope and review changes. These are standard operations for a developer tool.
Audit Metadata