ql-review
Warn
Audited by Gen Agent Trust Hub on Mar 25, 2026
Risk Level: MEDIUM (COMMAND_EXECUTION, PROMPT_INJECTION)
Full Analysis
- [COMMAND_EXECUTION]: The skill executes `python -c "import main_module"` to verify imports during the integration review stage. This results in the execution of any top-level code or initialization logic within the specified module. If the code being reviewed is untrusted or malicious, this provides a vector for code execution on the host system.
- [COMMAND_EXECUTION]: The skill relies on shell commands like `git merge-base` and `grep` to perform repository analysis and code searches.
- [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection because it ingests and processes untrusted content from source code and product requirement documents (PRDs).
  - Ingestion points: Files like `quantum.json`, PRDs, and source code files are read into the agent's context.
  - Boundary markers: The instructions do not define delimiters or specific warnings to ignore instructions found within the reviewed data.
  - Capability inventory: The agent can execute shell commands and Python code.
  - Sanitization: There is no evidence of content sanitization or validation of the data retrieved from external files before it is used to drive the review logic.
Audit Metadata