vibe-review-code
Fail
Audited by Gen Agent Trust Hub on Mar 14, 2026
Risk Level: HIGH (REMOTE_CODE_EXECUTION, COMMAND_EXECUTION, PROMPT_INJECTION)
Full Analysis
- [REMOTE_CODE_EXECUTION]: The skill instructs the agent to download and execute the 'serena' tool directly from an unverified third-party GitHub repository (`github.com/oraios/serena`) using `uvx`. This pattern executes remote code at runtime without verifying the source against a trusted vendors list.
- [COMMAND_EXECUTION]: The skill triggers several local shell commands and scripts, including `bash scripts/serena_gate.sh`, `bash scripts/lint.sh`, `gh pr diff`, and `git diff`. This assumes that the local scripts and environment are secure and trustworthy.
- [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection because it ingests untrusted data from code diffs and pull request feedback. Malicious instructions embedded in code comments could influence the agent's behavior or conclusions during the review process.
  - Ingestion points: `SKILL.md` (via `git diff`, `gh pr diff`, and external review feedback).
  - Boundary markers: Absent; there are no delimiters or instructions to ignore embedded commands within the processed code.
  - Capability inventory: Extensive shell execution capabilities including `bash`, `uvx`, `gh`, and `git` across multiple steps.
  - Sanitization: Absent; the skill does not specify any filtering or escaping of the ingested code content before processing.
Recommendations
- AI detected serious security threats
Audit Metadata