code-reviewer
Pass
Audited by Gen Agent Trust Hub on Mar 5, 2026
Risk Level: SAFE COMMAND_EXECUTION PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill uses a Python script `scripts/review_checklist.py` and the `Bash` tool to execute local `git` commands (`git diff`, `git log`). These commands are used to retrieve the changed files and their contents for the review process. The execution uses standard `subprocess.run` calls with list-based arguments, which prevents shell injection.
- [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection (Category 8) due to its core functionality of processing untrusted code changes.
  - Ingestion points: The agent ingests data from the output of `git diff` and `git log` in `SKILL.md` (Phase 1) and `scripts/review_checklist.py` (via `get_changed_files`, `get_commit_messages`, and `get_diff`).
  - Boundary markers: The instructions in `SKILL.md` do not include explicit delimiters or instructions for the agent to treat the code content strictly as data, making it possible for the model to follow instructions embedded in code comments or strings.
  - Capability inventory: The skill is granted powerful capabilities including `Bash` (shell execution), `WebFetch`, and `WebSearch`, which could be exploited if an injection is successful.
  - Sanitization: No sanitization or filtering is applied to the code content before it is presented to the language model for analysis.
Audit Metadata