swift-code-reviewer
Pass
Audited by Gen Agent Trust Hub on Apr 14, 2026
Risk Level: SAFE
COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill instructs the agent to use local developer tools including `git`, `gh` (GitHub CLI), and `glab` (GitLab CLI) to fetch repository history and pull request details. These commands are executed to gather necessary context for conducting the code review.
- [PROMPT_INJECTION]: The skill processes untrusted external data, which creates a surface for indirect prompt injection:
  - Ingestion points: The agent ingests data from `git diff` outputs, PR/MR descriptions and comments, and project configuration files such as `.claude/CLAUDE.md`.
  - Boundary markers: The instructions do not define explicit delimiters (e.g., '---BEGIN DIFF---') to separate untrusted content from the agent's internal logic.
  - Capability inventory: While the agent can read local files and execute informational CLI commands, it does not have the capability to execute the analyzed code or perform unauthorized network operations.
  - Sanitization: The workflow lacks specific validation or sanitization steps for the ingested code content or project guidelines.