requesting-code-review

Pass

Audited by Gen Agent Trust Hub on Feb 17, 2026

Risk Level: SAFE (PROMPT_INJECTION, COMMAND_EXECUTION)
Full Analysis
  • [Prompt Injection] (LOW): The skill is susceptible to Indirect Prompt Injection (Category 8).
      • Ingestion points: Untrusted data enters the subagent's context through several placeholders in code-reviewer.md, specifically {WHAT_WAS_IMPLEMENTED}, {PLAN_OR_REQUIREMENTS}, and {DESCRIPTION}.
      • Boundary markers: Absent. The template does not use delimiters or explicit instructions to treat interpolated content as untrusted data, increasing the risk that the agent will follow instructions embedded within a code change description or plan.
      • Capability inventory: The subagent is explicitly instructed to perform file-system operations via git commands in a shell environment.
      • Sanitization: Absent. No filtering or escaping is applied to the input variables before they are placed in the prompt.
  • [Command Execution] (LOW): The file code-reviewer.md contains a shell code block: git diff --stat {BASE_SHA}..{HEAD_SHA}. This pattern is vulnerable to command injection if the {BASE_SHA} or {HEAD_SHA} variables contain shell metacharacters (e.g., ;, &&, or backticks). An agent executing these instructions literally could inadvertently run arbitrary system commands if the input is maliciously crafted.
Audit Metadata
Risk Level: SAFE
Analyzed: Feb 17, 2026, 06:16 PM