arinhub-submit-code-review

Warn

Audited by Gen Agent Trust Hub on Feb 25, 2026

Risk Level: MEDIUM (COMMAND_EXECUTION, PROMPT_INJECTION, DATA_EXFILTRATION)
Full Analysis
  • [COMMAND_EXECUTION]: Potential shell command injection via pull request identifiers. The PR_NUMBER variable is used directly in multiple 'gh' CLI commands (e.g., in Steps 2 and 3 of SKILL.md). Malicious input provided as a PR number could lead to arbitrary command execution if the extraction logic is not strictly limited to numeric values.
  • [PROMPT_INJECTION]: Risk of Indirect Prompt Injection. The skill processes untrusted data including PR descriptions, existing comments, and code diffs (ingestion points in SKILL.md). This data could contain instructions that influence the review's outcome. The skill lacks boundary markers or instructions to ignore embedded commands. Evidence: Ingestion points (PR metadata, comments), Boundary markers (Absent), Capability inventory (Submitting reviews and comments), Sanitization (Limited to JSON syntax validation).
  • [DATA_EXFILTRATION]: Unauthorized file access via local paths. The skill accepts an optional review file path which is then read. Without strict path validation or directory sandboxing, this capability could be used to read sensitive files from the local environment.
Audit Metadata
Risk Level: MEDIUM
Analyzed: Feb 25, 2026, 05:12 PM