review-code

Warn

Audited by Gen Agent Trust Hub on Apr 9, 2026

Risk Level: MEDIUM
Finding categories: COMMAND_EXECUTION, PROMPT_INJECTION, DATA_EXFILTRATION
Full Analysis
  • [COMMAND_EXECUTION]: The YAGNI Check section in SKILL.md instructs the agent to run a grep command using a search term derived from external reviewer feedback. If the reviewer provides a malicious string containing shell metacharacters (e.g., ;, &, |), it could lead to arbitrary command execution on the host.
  • [PROMPT_INJECTION]: The skill ingests untrusted data from Jira tickets and GitHub PR comments, exposing it to indirect prompt injection.
      ◦ Ingestion points: External review comments and Jira ticket metadata (file: SKILL.md).
      ◦ Boundary markers: No structural delimiters are used to separate external content from agent instructions.
      ◦ Capability inventory: The skill uses git, grep, and the gh CLI, providing significant system and network access (file: SKILL.md).
      ◦ Sanitization: The skill uses a manual verification checklist but lacks automated sanitization or escaping of untrusted input strings.
  • [DATA_EXFILTRATION]: The skill extracts PR URLs from Jira tickets and uses them in gh api calls. An attacker could use a malicious PR link to redirect agent actions and potentially exfiltrate code content to a repository they control.
Audit Metadata
Risk Level: MEDIUM
Analyzed: Apr 9, 2026, 11:29 AM