skills/intpp/agent-skills/code-review/Gen Agent Trust Hub

code-review

Fail

Audited by Gen Agent Trust Hub on Mar 9, 2026

Risk Level: HIGH
Findings: COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill takes the target-branch argument and interpolates it directly into shell commands within the Bash tool. A malicious branch name containing shell metacharacters (e.g., ; rm -rf /) could trigger arbitrary command execution.
  • Evidence: git diff --name-status origin/<target_branch>...HEAD in SKILL.md (Step 1 and Step 4 sub-agent logic).
  • [PROMPT_INJECTION]: The skill reads instructions from a file named .review-agent.md located within the repository being reviewed and injects its content directly into the sub-agent prompt without sanitization or boundary markers. This creates an indirect prompt injection surface where a repository owner can control the agent's behavior.
  • Ingestion points: .review-agent.md file (Step 3 and Step 4 in SKILL.md).
  • Boundary markers: Absent. The file content is placed directly above other instructions in the sub-agent prompt.
  • Capability inventory: Bash, Read, Glob, Grep, and the Agent tool for recursive task delegation.
  • Sanitization: None detected. The raw content of the external file is included in the prompt.
Recommendations
  • AI detected serious security threats
Audit Metadata
  • Risk Level: HIGH
  • Analyzed: Mar 9, 2026, 02:56 PM