peer-review
Pass
Audited by Gen Agent Trust Hub on Mar 7, 2026
Risk Level: SAFE, PROMPT_INJECTION, COMMAND_EXECUTION
Full Analysis
- [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection during the proposal review process.
  1. Ingestion points: Proposal briefs are synthesized from user input and project context into a temporary file at .git/peer-review-[timestamp]-[pid].md.
  2. Boundary markers: Absent. The prompt instructions passed to the external models (e.g., Read $BRIEF_FILE. Review this proposal...) do not use delimiters or instructions to ignore embedded commands within the proposal content.
  3. Capability inventory: The skill invokes external CLI tools (codex, claude) and executes shell commands to handle data.
  4. Sanitization: No validation, filtering, or escaping is performed on the proposal content before it is passed to the secondary models.
- [COMMAND_EXECUTION]: The skill executes shell commands to manage its workflow. It uses trap for file cleanup, dynamically detects the execution environment (Codex vs. Claude), and invokes external CLI tools with variable interpolation for file paths.