code-reviewer
Fail
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: HIGH (PROMPT_INJECTION, COMMAND_EXECUTION)
Full Analysis
- PROMPT_INJECTION (HIGH): The skill is vulnerable to Indirect Prompt Injection through untrusted repository content.
  - Ingestion points: Phase 0 explicitly directs the agent to read 'README', 'STATUS', 'BUGS', and 'TODO' files.
  - Boundary markers: There are no delimiters or instructions to isolate analyzed content from the agent's execution context.
  - Capability inventory: The skill allows for shell command execution (tsc, find, npm audit).
  - Sanitization: No sanitization is performed; malicious instructions in project documentation could be followed by the agent.
- COMMAND_EXECUTION (MEDIUM): The skill executes shell pipelines on untrusted file paths.
  - Evidence: Phase 0 includes a find/xargs/wc pipeline for file size detection.
  - Risk: While the command itself is diagnostic, executing shell operations on directories with untrusted filenames can lead to unexpected behavior if filenames contain shell metacharacters.
Recommendations
- AI detected serious security threats