receiving-code-review
Fail
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: HIGH (PROMPT_INJECTION)
Full Analysis
- PROMPT_INJECTION (HIGH): The skill handles untrusted external review feedback (e.g., from GitHub comments) which could contain indirect prompt injection attacks designed to override agent behavior or manipulate code changes.
  * Ingestion points: Processes untrusted external feedback via GitHub API (`gh api`) and manual reviews.
  * Boundary markers: Absent; the skill relies on natural language interpretation without technical isolation of untrusted data.
  * Capability inventory: The agent is authorized to modify files ('IMPLEMENT'), search code (`grep`), and perform API requests (`gh api`).
  * Sanitization: No evidence of content validation or sanitization of input before it influences decision-making.
- PROMPT_INJECTION (LOW): The use of a coded 'safe word' phrase ('Strange things are afoot at the Circle K') represents a behavioral trigger that, while intended for signaling, could be leveraged in adversarial or multi-agent scenarios to trigger hidden responses.
Recommendations
- AI detected serious security threats
Audit Metadata