code-reviewer

Pass

Audited by Gen Agent Trust Hub on Feb 17, 2026

Risk Level: SAFE
COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
  • COMMAND_EXECUTION (LOW): The skill instructs the agent to execute shell commands (e.g., tsc --noEmit, find src -name "*.ts" | xargs wc -l, and npm audit) to perform project health checks. While these are standard development tasks, executing them on untrusted codebases poses a risk if filenames or configurations are maliciously crafted.
  • PROMPT_INJECTION (LOW): The skill is susceptible to Indirect Prompt Injection (Category 8) because it processes untrusted data (source code) and possesses the capability to execute commands and write reports based on that data.
      • Ingestion points: Source code files (.ts, .tsx), configuration files (package.json), and documentation (README, STATUS/BUGS/TODO) provided by the user or found in the repository.
      • Boundary markers: Absent. The instructions do not define delimiters for the code being reviewed or provide explicit "ignore embedded instructions" warnings for the agent.
      • Capability inventory: The skill has the capability to execute shell commands (tsc, find, wc, npm audit) and perform file system reads across the repository.
      • Sanitization: Absent. There is no requirement for the agent to sanitize or escape file names or content before passing them to shell utilities or including them in the final report.
Audit Metadata
Risk Level: SAFE
Analyzed: Feb 17, 2026, 06:44 PM