sc-code-review

Pass

Audited by Gen Agent Trust Hub on Mar 30, 2026

Risk Level: SAFE
Flagged categories: PROMPT_INJECTION, COMMAND_EXECUTION
Full Analysis
  • [PROMPT_INJECTION]: The skill exposes an indirect prompt injection surface: it ingests untrusted data from the local environment and passes it to LLMs for analysis.
  • Ingestion points: The skill reads content from git diff, git log, and source files during the 'Gather' and 'Categorize' phases. Diff content is attacker-controlled whenever the PR author is not trusted.
  • Boundary markers: The skill specifies no delimiters to isolate the untrusted diff content from the model's own instructions, and gives the models no warning to ignore instruction-like text embedded in the diffs.
  • Capability inventory: The skill can execute shell commands via git and gh, and it has write access to GitHub PRs via gh pr comment. A successful injection therefore has a concrete side effect available to it (posting review text to the PR).
  • Sanitization: No sanitization or filtering of the diff content is performed before it is sent to the mcp__pal__consensus tool.
  • [COMMAND_EXECUTION]: The skill relies on executing shell commands for its core functionality.
  • Evidence: It uses git rev-parse, git branch, git diff, git log, and gh pr comment to interact with the repository and post findings. These are appropriate for a code review tool, but they become an exploitation vector if the agent's logic is subverted via prompt injection.
Audit Metadata
Risk Level: SAFE
Analyzed: Mar 30, 2026, 12:54 AM