receiving-code-review

Fail

Audited by Gen Agent Trust Hub on Feb 16, 2026

Risk Level: HIGH
Findings: PROMPT_INJECTION, COMMAND_EXECUTION
Full Analysis
  • PROMPT_INJECTION (HIGH): The skill is vulnerable to Indirect Prompt Injection (Category 8) because it ingests untrusted content from external sources to drive high-privilege actions.
  • Ingestion points: The skill explicitly processes input from 'External Reviewers' (e.g., GitHub PR comments).
  • Boundary markers: Absent. There are no delimiters or instructions provided to differentiate between the agent's core instructions and the external feedback it is processing.
  • Capability inventory: The skill includes the ability to modify the codebase ('Implement'), search files ('grep'), and interact with the GitHub API ('gh api').
  • Sanitization: Absent. There is no logic for escaping or validating external content before the agent evaluates and acts upon it.
  • COMMAND_EXECUTION (LOW): The skill uses grep for codebase searching and gh api for posting replies to pull requests. While these are legitimate tools for the task, they are system commands and network operations that could be misused if the agent is manipulated by malicious feedback.
Recommendations
  • AI detected serious security threats
Audit Metadata
Risk Level: HIGH
Analyzed: Feb 16, 2026, 01:31 PM