file-review
Pass
Audited by Gen Agent Trust Hub on Mar 14, 2026
Risk Level: SAFE
COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill executes shell commands including brew, git, bun, and the file-review binary to handle installation and tool operations.
- [EXTERNAL_DOWNLOADS]: It downloads resources from the author's own infrastructure, specifically the desplega-ai/ai-toolbox repository and a custom Homebrew tap. These are documented as vendor-owned resources.
- [PROMPT_INJECTION]: The 'Process Comments' workflow identifies a surface for indirect prompt injection. (1) Ingestion points: The agent reads and parses HTML-style markers from user-provided files. (2) Boundary markers: Absent; there are no instructions to disregard commands or instructions embedded within the extracted feedback. (3) Capability inventory: The agent has the ability to read/write files and execute shell commands. (4) Sanitization: Absent; the skill extracts feedback text and proposes edits based on that text without prior validation or filtering.
Audit Metadata