code-review
Fail
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: HIGH
Findings: PROMPT_INJECTION, COMMAND_EXECUTION
Full Analysis
- [PROMPT_INJECTION] (HIGH): The skill creates a significant Indirect Prompt Injection surface (Category 8) by processing feedback from 'external reviewers' and 'any source' while maintaining high-privilege execution capabilities.
  1. Ingestion points: 'code review comments from any source' and 'External reviewers' (SKILL.md).
  2. Boundary markers: Absent; no delimiters or ignore-instructions markers are defined for untrusted input.
  3. Capability inventory: Execution of git commands (git rev-parse) and arbitrary verification commands (test suites, build scripts) through the shell.
  4. Sanitization: None; the skill relies on the agent's 'technical rigor' rather than structural sanitization or validation.
- [COMMAND_EXECUTION] (MEDIUM): The skill mandates the identification and execution of system commands ('RUN full command') to satisfy verification gates. This capability is standard for development but becomes a high-risk vector when coupled with the ingestion of untrusted external content.
Recommendations
- AI detected serious security threats
Audit Metadata