code-reviewer
Fail
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: HIGH (PROMPT_INJECTION)
Full Analysis
- Indirect Prompt Injection (HIGH): The skill creates a significant attack surface by ingesting untrusted external data (source code and PR descriptions) to perform its core function. It lacks instructions to isolate these inputs or ignore embedded commands.
- Ingestion points: Untrusted source code files and pull request descriptions provided by users or fetched from repositories.
- Boundary markers: Absent. The skill provides no delimiters (e.g., triple backticks or XML tags) or system-level instructions to treat the ingested code as data rather than instructions.
- Capability inventory: The skill's output is intended to influence code quality and security decisions. In an automated pipeline, an injection could lead to the approval of malicious code or the exfiltration of the agent's context through review comments.
- Sanitization: No sanitization or validation of the input content is described, allowing raw instructions inside code comments or strings to be processed by the LLM.
Recommendations
- AI detected serious security threats