code-review

Warn

Audited by Gen Agent Trust Hub on Mar 1, 2026

Risk Level: MEDIUM
Findings: COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The workflow defined in SKILL.md and SKILL.extended.md suggests running 'npm test -- --coverage' on code changes under review. This is a high-risk operation because npm test can execute arbitrary code defined in the repository's test suites or lifecycle hooks, providing a path for Remote Code Execution (RCE) if the code is malicious.
  • [PROMPT_INJECTION]: The skill lacks safeguards against indirect prompt injection when processing external data from pull requests and commits. (1) Ingestion points: The skill reads changed files, commit history, and pull request descriptions. (2) Boundary markers: The instructions do not define delimiters to isolate untrusted input from agent instructions. (3) Capability inventory: The skill has the ability to run shell commands (grep) and build tools (npm). (4) Sanitization: There is no evidence of input validation or sanitization before the agent processes or acts upon the untrusted code.
Audit Metadata
Risk Level
MEDIUM
Analyzed
Mar 1, 2026, 03:46 PM