fpf-review
Fail
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: HIGHREMOTE_CODE_EXECUTIONCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [REMOTE_CODE_EXECUTION] (HIGH): The skill methodology in 'modules/practical-perspective.md' explicitly directs the agent to execute the code being audited using commands like 'time python script.py' and 'python -m cProfile'. This is a critical security risk as it allows a malicious codebase to achieve code execution on the agent's environment during the review process.
- [COMMAND_EXECUTION] (MEDIUM): The skill suggests several shell commands ('grep', 'glob', 'ruff') to analyze the filesystem. While diagnostic, these interactions increase the attack surface if the agent's logic is subverted.
- [PROMPT_INJECTION] (LOW): The skill is vulnerable to indirect prompt injection because it ingests untrusted source code through 'Read', 'Grep', and 'Glob' without defined boundary markers or sanitization. Malicious instructions embedded in code comments could influence the agent's behavior or subsequent analysis. Mandatory Evidence Chain: 1. Ingestion points: 'modules/functional-perspective.md' (Feature Discovery section) and 'modules/foundation-perspective.md' (Pattern Recognition section). 2. Boundary markers: None. 3. Capability inventory: Subprocess execution via 'python -m' and 'time', and file system modifications via 'TodoWrite'. 4. Sanitization: None.
Recommendations
- AI detected serious security threats
Audit Metadata