secure-code-review
Fail
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: HIGH
Flags: PROMPT_INJECTION, COMMAND_EXECUTION, EXTERNAL_DOWNLOADS
Full Analysis
- PROMPT_INJECTION (HIGH): The skill's core purpose is to process and analyze external source code, which constitutes a significant indirect prompt injection surface. Evidence: 1. Ingestion points: Untrusted external code snippets and files (SKILL.md). 2. Boundary markers: Absent; there are no specific instructions or markers to prevent the agent from obeying instructions embedded within the code being reviewed. 3. Capability inventory: The skill lists commands for package installation and system-level tool execution (SKILL.md). 4. Sanitization: Absent; there is no methodology described for sanitizing or escaping the untrusted code inputs.
- COMMAND_EXECUTION (MEDIUM): The skill provides multiple shell command examples for the agent to use, including docker run, sonar-scanner, and codeql database analyze. These commands interact with the underlying host system to perform scans.
- EXTERNAL_DOWNLOADS (MEDIUM): The instruction to run pip install semgrep involves downloading and installing software from a public registry. While Semgrep is a known security tool, it does not fall within the defined trusted organization scope for this analysis, representing a medium-risk unverifiable dependency.
Recommendations
- AI detected serious security threats
Audit Metadata