bug-review
Pass
Audited by Gen Agent Trust Hub on Mar 5, 2026
Risk Level: SAFE
COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill workflow requires the agent to run various shell commands for code validation, including test runners like cargo test, pytest, and npm test, as well as static analyzers like clippy, ruff, and eslint. These are executed locally on the codebase being reviewed.
- [PROMPT_INJECTION]: The skill performs analysis on untrusted external project files and source code, creating a surface for indirect prompt injection.
  - Ingestion points: Project manifests (Cargo.toml, package.json, go.mod) and source code files are read from the filesystem.
  - Boundary markers: The skill does not define specific delimiters or instructions to ignore embedded commands in the analyzed content.
  - Capability inventory: The agent can execute shell commands, analyze files, and generate code patches.
  - Sanitization: No sanitization or filtering is performed on the ingested code before it is processed by the model.