grey-haven-code-style
Fail
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: HIGH (PROMPT_INJECTION, COMMAND_EXECUTION)
Full Analysis
- [PROMPT_INJECTION] (HIGH): Significant risk of Indirect Prompt Injection.
  1. Ingestion points: External source code, pull request descriptions, and linting data processed during reviews (SKILL.md description).
  2. Boundary markers: Absent; no instructions are provided to separate external data from system instructions.
  3. Capability inventory: 'Bash', 'Write', 'Edit', 'MultiEdit', and 'Glob' tools (SKILL.md frontmatter).
  4. Sanitization: Absent; the skill does not filter or validate external input before processing.

  A malicious comment in a pull request could leverage these capabilities to execute arbitrary commands or modify files.
- [COMMAND_EXECUTION] (LOW): The skill utilizes the 'Bash' tool for environment management and testing. While standard for development, providing shell access to an agent that interprets untrusted code increases the risk of exploitation if an injection occurs.
Recommendations
- AI detected serious security threats