review
Pass
Audited by Gen Agent Trust Hub on Apr 30, 2026
Risk Level: SAFE
PROMPT_INJECTION, COMMAND_EXECUTION, EXTERNAL_DOWNLOADS
Full Analysis
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it ingests and processes untrusted data from code repositories (diffs, pull requests, and files) which could contain malicious instructions designed to subvert the review process.
  - Ingestion points: The skill reads external code content using 'git diff' and direct file access as defined in the 'Workflow' section of SKILL.md.
  - Boundary markers: There are no explicit delimiters or instructions to ignore embedded commands within the ingested code.
  - Capability inventory: The skill can execute shell commands like 'git' and 'pnpm test' (SKILL.md).
  - Sanitization: No sanitization or validation of the untrusted code content is performed before analysis.
- [COMMAND_EXECUTION]: The skill instructions encourage the execution of local test runners such as 'pnpm test' on the code being reviewed. This could lead to the execution of malicious code if the repository under review contains compromised test configurations or scripts.
- [EXTERNAL_DOWNLOADS]: The skill references documentation and toolkits from well-known services, such as Anthropic's GitHub repository and OpenAI's developer documentation, for instructional context.
Audit Metadata