code-reviewer
Warn
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: MEDIUMEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
- Unverifiable Dependencies (MEDIUM): The skill documentation in SKILL.md refers to 'npm install' and 'pip install -r requirements.txt' but does not provide the corresponding manifest files (package.json or requirements.txt). This prevents auditing of the external packages being introduced into the environment.
- Indirect Prompt Injection (MEDIUM): The skill is designed to ingest and process untrusted external code files, creating a vulnerability where malicious instructions in the code could influence the agent's logic. 1. Ingestion points: The 'target' path argument in pr_analyzer.py, code_quality_checker.py, and review_report_generator.py. 2. Boundary markers: No delimiters or instructions to ignore embedded commands are present in the scripts or metadata. 3. Capability inventory: The scripts generate reports that the agent uses to make critical decisions about code quality and security. 4. Sanitization: No content filtering or validation is implemented for the ingested code content.
- Metadata Poisoning (MEDIUM): The skill description and features list claim to provide 'automated code analysis' and 'security scanning', yet the actual implementation in the scripts directory consists only of empty placeholders. This discrepancy is misleading and could lead to an agent relying on non-existent security checks.
Audit Metadata