Skills
skills/tobihagemann/turbo/review-code/Gen Agent Trust Hub

review-code

Pass

Audited by Gen Agent Trust Hub on Apr 29, 2026

Risk Level: SAFECOMMAND_EXECUTIONDATA_EXFILTRATIONPROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill uses shell commands like git diff and gh repo view to define the scope of the code review. It specifically instructs the agent to use a user-provided diff command if available, which represents an execution surface that could be exploited if the source of the command is untrusted.
  • [INDIRECT_PROMPT_INJECTION]: The skill processes code from the repository and passes it directly to multiple sub-agents via the Agent tool. It lacks boundary markers (e.g., delimiters) or specific instructions to the sub-agents to ignore instructions embedded within the code content. This creates a surface where malicious code could influence the behavior of the sub-agents.
  • Ingestion points: Code content retrieved through git diff or by reading files directly from the repository directory (SKILL.md).
  • Boundary markers: None identified; the skill does not wrap untrusted content in delimiters or provide 'ignore embedded instructions' warnings to the sub-agents.
  • Capability inventory: Use of the Agent tool to spawn sub-agents, the Skill tool to invoke peer reviews, and shell access for git and gh commands (SKILL.md).
  • Sanitization: No sanitization or validation of the ingested code content is performed before it is passed to the sub-agents.
Audit Metadata
Risk Level
SAFE
Analyzed
Apr 29, 2026, 05:23 PM