review-code
Fail
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: HIGH (COMMAND_EXECUTION, PROMPT_INJECTION)
Full Analysis
- Indirect Prompt Injection (HIGH): The skill is designed to ingest and act upon untrusted external data (PR descriptions and code).
  - Ingestion points: Workflow step 1 (SKILL.md) explicitly instructs the agent to read PR descriptions.
  - Boundary markers: Absent; no delimiters or instructions to ignore embedded commands are present.
  - Capability inventory: Workflow step 3 (SKILL.md) instructs the agent to 'Run linting and tests', which requires the agent to have command execution or subprocess spawning capabilities.
  - Sanitization: Absent; there is no mention of sanitizing the PR content or sandboxing the test execution environment.
- Command Execution (HIGH): The instruction to 'Run linting and tests' on external, unverified code allows for arbitrary code execution if a PR contains malicious test scripts, build configurations, or metadata that execute shell commands during the verification process.
Recommendations
- AI detected serious security threats