code-review
Pass
Audited by Gen Agent Trust Hub on Feb 23, 2026
Risk Level: SAFE
COMMAND_EXECUTION, DATA_EXFILTRATION, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill utilizes the `git diff` command to programmatically identify changes in the local environment for analysis.
- [DATA_EXFILTRATION]: The skill is configured to send source code snippets to an external service via the `mcp__x__ask_codex` tool for validation. While Codex is a well-known model, transmitting local source code to external endpoints represents a data exposure risk.
- [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection because it processes untrusted content (source code changes) as a primary input for the agent's reasoning.
  - Ingestion points: The skill ingests data from `git diff` outputs and specific files in the repository.
  - Boundary markers: No explicit delimiters or 'ignore embedded instructions' directives are present in the task prompt to separate the code from the instructions.
  - Capability inventory: The skill possesses the ability to execute local commands (`git diff`) and perform network-based tool calls (`mcp__x__ask_codex`).
  - Sanitization: There is no evidence of sanitization or escaping applied to the source code before it is interpolated into the prompt for the reviewer agent.
Audit Metadata