adversarial-review

Pass

Audited by Gen Agent Trust Hub on Apr 15, 2026

Risk Level: SAFE
PROMPT_INJECTION, COMMAND_EXECUTION
Full Analysis
  • [PROMPT_INJECTION]: The skill exhibits a surface for indirect prompt injection as it interpolates local code content and git diffs into prompts for subagents.
    • Ingestion points: Reads project files, convention documentation (e.g., CLAUDE.md), and git diff output from the local repository (SKILL.md).
    • Boundary markers: Uses Markdown headers such as '## Code to Review' to delineate content, but does not provide explicit instructions to the subagent to disregard instructions contained within the code diffs.
    • Capability inventory: The primary agent possesses the ability to modify files in the repository to apply fixes recommended by the subagent (SKILL.md).
    • Sanitization: The skill does not perform sanitization or structural validation on the code snippets or diffs before processing.
  • [COMMAND_EXECUTION]: The skill invokes local git commands ('git diff', 'git diff --cached') to gather the necessary context for code reviews. These operations are standard for development workflows and restricted to the local environment.
Audit Metadata
Risk Level: SAFE
Analyzed: Apr 15, 2026, 12:52 PM