moai-alfred-code-reviewer
Pass
Audited by Gen Agent Trust Hub on Mar 1, 2026
Risk Level: SAFE | COMMAND_EXECUTION | PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill executes a local shell script (`scripts/pre-review-check.sh`) and uses the `Bash` tool to run several command-line utilities including `pytest`, `ruff`, `mypy`, and `bandit` for automated code analysis.
- [PROMPT_INJECTION]: The skill is vulnerable to Indirect Prompt Injection (Category 8) as it is designed to ingest and analyze untrusted source code from the project environment while possessing high-privilege capabilities.
  - Ingestion points: The skill reads files from the `src/` directory using the `Bash` tool and file system tools.
  - Boundary markers: There are no explicit delimiters or instructions provided to the agent to distinguish between the code being analyzed and operational instructions.
  - Capability inventory: The agent is granted tools such as `Bash` (arbitrary command execution), `Write`/`Edit` (file modification), and `WebFetch` (network communication).
  - Sanitization: No sanitization, validation, or filtering of the ingested source code content is performed before it is presented to the LLM for review.
Audit Metadata