code-reviewer
Fail
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: HIGH
Tags: PROMPT_INJECTION, COMMAND_EXECUTION, EXTERNAL_DOWNLOADS
Full Analysis
- Indirect Prompt Injection (HIGH): The skill is designed to process untrusted data from pull requests and source code repositories. An attacker could embed malicious instructions in code comments or PR metadata to manipulate the agent's behavior. Ingestion Points: scripts/pr_analyzer.py and scripts/code_quality_checker.py. Capability Inventory: Execution of shell commands, Kubernetes management, and Docker operations. Boundary Markers: None specified. Sanitization: None evident.
- Command Execution (HIGH): The skill documentation explicitly includes instructions for sensitive operations such as 'kubectl apply' and 'docker build'. In the event of an injection-based compromise, an attacker could use these capabilities to gain control over the host environment or cloud infrastructure.
- External Downloads (MEDIUM): The development workflow relies on 'npm install' and 'pip install -r requirements.txt' to fetch unspecified third-party dependencies, which introduces a risk of supply chain attacks through unverified packages.
Recommendations
- AI detected serious security threats
Audit Metadata