google_grade_reviewer
Fail
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: HIGH, PROMPT_INJECTION
Full Analysis
- [Indirect Prompt Injection] (HIGH): The skill creates a high-risk attack surface by combining untrusted data processing with write capabilities.
  * Ingestion points: Reads untrusted code and pull request data via the 'Read' tool.
  * Capability inventory: Possesses the 'Edit' tool, enabling the agent to modify the filesystem based on instructions that could be embedded in the code it reviews.
  * Boundary markers: Lacks any explicit instructions to use delimiters or to ignore embedded instructions within the processed data.
  * Sanitization: No evidence of input validation or sanitization is present to prevent the agent from following instructions found in comments or strings.
Recommendations
- AI detected serious security threats
Audit Metadata