agent-review
Fail
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: HIGHPROMPT_INJECTIONNO_CODE
Full Analysis
- Indirect Prompt Injection (HIGH): The skill is specifically designed to ingest untrusted data from local code changes and agent-generated diffs (SKILL.md, commands/review-changes.md). * Ingestion points: Processes external code changes via the 'Review' and 'Find Issues' capabilities. * Capability inventory: The agent is instructed to 'Address critical issues' and 'Accept changes', providing a direct functional path from untrusted input (malicious code comments/instructions) to file system modification. * Boundary markers: No delimiters or 'ignore embedded instructions' directives are provided in the skill instructions to prevent the agent from obeying instructions hidden within the code being reviewed. * Sanitization: No sanitization or validation of the input content is described.
- No Code (INFO): The skill files consist entirely of Markdown documentation and instructional content. No executable scripts, binaries, or configuration files were detected within the analyzed files.
Recommendations
- AI detected serious security threats
Audit Metadata