self-review
Pass
Audited by Gen Agent Trust Hub on Mar 13, 2026
Risk Level: SAFEPROMPT_INJECTIONCOMMAND_EXECUTION
Full Analysis
- [PROMPT_INJECTION]: The skill exhibits an indirect prompt injection surface by reading external file content and passing it directly to a sub-agent for processing.
- Ingestion points: Contents of files specified in $ARGUMENTS, the output of git diff commands, and the local .agents/review-perspectives.md configuration file.
- Boundary markers: Absent. The instructions do not specify the use of delimiters or 'ignore' instructions when providing data to the sub-agent.
- Capability inventory: The skill invokes a general-purpose sub-agent using the Agent tool, which possesses its own set of capabilities.
- Sanitization: No sanitization, escaping, or validation of the ingested data is performed before interpolation into the sub-agent's prompt.
- [COMMAND_EXECUTION]: The skill executes local git commands to retrieve data for the review process.
- Evidence: Uses
git merge-baseandgit diffto extract code changes when 'diff' is provided as an argument.
Audit Metadata