review
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE
Tags: COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION] (SAFE): The skill utilizes shell commands (`git rev-parse`, `find`) to discover project-specific rule files. These commands are limited to local path discovery and do not involve remote execution or system modification.
- [PROMPT_INJECTION] (LOW): The skill is vulnerable to Indirect Prompt Injection (Category 8). It instructs the agent to discover and read the contents of various files (`AGENTS.md`, `.cursorrules`, etc.) to guide its review process. An attacker could place malicious instructions in these files to hijack the agent's logic during the review session.
- Ingestion points: File contents of `AGENTS.md`, `AGENT.md`, `.cursor/rules/*.mdc`, and `.cursorrules`.
- Boundary markers: Absent. The instructions do not specify delimiters or warnings to ignore embedded instructions in the rule files.
- Capability inventory: File reading, local path discovery via shell, and reasoning/reporting.
- Sanitization: None. The agent is directed to treat the discovered files as authoritative project rules.
Audit Metadata