skills/idotta/skills/code-reviewer/Gen Agent Trust Hub

code-reviewer

Fail

Audited by Gen Agent Trust Hub on Feb 17, 2026

Risk Level: HIGH (REMOTE_CODE_EXECUTION, COMMAND_EXECUTION)
Full Analysis
  • [Remote Code Execution] (HIGH): The skill's workflow for remote PRs involves checking out code using 'gh pr checkout' and then running 'npm run preflight'. This 'download then execute' pattern is highly dangerous because it runs code defined in the 'package.json' of the PR, which may be controlled by an untrusted actor.
  • [Command Execution] (MEDIUM): The skill frequently uses shell commands to interact with the repository. While necessary for code review, the unconditional execution of project-specific scripts like 'preflight' on unvetted code represents a significant vulnerability.
  • [Indirect Prompt Injection] (LOW):
      • Ingestion points: The skill reads file contents and diffs from local changes and remote PRs.
      • Boundary markers: None present; the instructions do not tell the agent to ignore prompt injection attempts within the code comments or content.
      • Capability inventory: Access to system shell via 'npm' and 'gh' commands.
      • Sanitization: None; the skill does not sanitize or escape the content of the files it processes before providing them to the agent for analysis.
Recommendations
  • AI detected serious security threats
Audit Metadata
  • Risk Level: HIGH
  • Analyzed: Feb 17, 2026, 06:34 PM