sc-code-review
Pass
Audited by Gen Agent Trust Hub on Mar 10, 2026
Risk Level: SAFE
COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill executes various git commands (e.g., git diff, git rev-parse, git log) to gather code context and utilizes the GitHub CLI (gh) to post review comments. These operations are essential for the skill's purpose and are conducted within the local repository context.
- [PROMPT_INJECTION]: The skill possesses an attack surface for indirect prompt injection, as it processes code and comments from external contributors that could contain malicious instructions designed to subvert the review process.
  - Ingestion points: The agent ingests untrusted code and commit history through git diff and git log outputs (SKILL.md).
  - Boundary markers: The behavioral flow does not specify the use of delimiters or 'ignore instructions' warnings when passing diff data to the LLM consensus tool.
  - Capability inventory: The skill can execute bash commands (git, gh) and call multi-model consensus tools (mcp__pal__consensus), which could be manipulated if the LLM is compromised by the input data.
  - Sanitization: There is no evidence of sanitization or filtering of the code content before it is processed by the review models.
Audit Metadata