code-review-fix
Pass
Audited by Gen Agent Trust Hub on Mar 9, 2026
Risk Level: SAFEPROMPT_INJECTIONCOMMAND_EXECUTION
Full Analysis
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection through the $1 (Code-review) and $2 (Scope) parameters. Ingestion points: Untrusted data enters the context via the code review file or description provided in SKILL.md. Boundary markers: The prompt lacks delimiters or explicit instructions to ignore embedded commands within the ingested review data. Capability inventory: The skill is authorized to create and execute shell commands for testing and validation (referenced in SKILL.md). Sanitization: No input validation or sanitization is performed on the ingested content before it influences agent actions.
- [COMMAND_EXECUTION]: The skill instructions require the agent to perform potentially dangerous operations driven by external input. Evidence: The workflow includes 'Create and run relevant tests' and execution of a 'validate command'. This creates a path for arbitrary command execution if an attacker embeds malicious shell instructions within the code review input.
Audit Metadata