ac-code-validator
Fail
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: HIGH (PROMPT_INJECTION, COMMAND_EXECUTION, EXTERNAL_DOWNLOADS)
Full Analysis
- [Indirect Prompt Injection] (HIGH): The skill processes untrusted code files from a project directory, creating a significant Indirect Prompt Injection surface. Malicious code comments or configuration files could be used to manipulate the agent's logic or trick downstream components into approving malicious code.
  - Ingestion points: Arbitrary files within project_dir processed by CodeValidator.validate().
  - Boundary markers: Absent. The skill does not specify any delimiters or instructions to ignore embedded content.
  - Capability inventory: Executes external processes (subprocess calls) and provides data to high-privilege downstream components such as ac-qa-reviewer and ac-commit-manager.
  - Sanitization: Absent. There is no mention of filtering or escaping content from the analyzed code.
- [Command Execution] (MEDIUM): The skill invokes various external binaries (e.g., ruff, eslint, bandit, gosec) via the command line. This pattern is susceptible to command injection if project metadata, filenames, or tool-specific configuration files (such as .eslintrc or pyproject.toml) are maliciously crafted to exploit the execution environment.
- [External Downloads] (LOW): The npm audit feature involves making network requests to external package registries. While this is standard for security tools, it represents a network dependency triggered by the contents of the untrusted project directory.
Recommendations
- AI detected serious security threats
Audit Metadata