code-review

Fail

Audited by Gen Agent Trust Hub on Feb 21, 2026

Risk Level: CRITICAL (EXTERNAL_DOWNLOADS, PROMPT_INJECTION, COMMAND_EXECUTION)
Full Analysis
  • EXTERNAL_DOWNLOADS (CRITICAL): The automated URLite scanner detected a blacklisted entry for 'sql.md'. This file is a mandatory reference for the skill's SQL review logic, indicating that a primary component of the skill is compromised or points to malicious resources.
  • PROMPT_INJECTION (LOW): The skill has a large attack surface for Indirect Prompt Injection (Category 8). It reads external files, directories, and diffs to perform audits. Findings:
      1. Ingestion points: Direct reading of codebase entry points and dependencies (Step 1).
      2. Boundary markers: Absent. No instructions exist to prevent the model from following commands hidden in code comments.
      3. Capability inventory: Spawns subagents, utilizes the 'context7' MCP for documentation, writes to the local file system (REVIEW.md), and applies code modifications.
      4. Sanitization: Absent.
  • COMMAND_EXECUTION (MEDIUM): The skill directs the agent to 'Spawn Subagents' (Step 5) with specific tasks (Security, Architecture, Language). Because these subagents are created and tasked based on the content of untrusted source code, an attacker can use injected code to redirect subagent priorities or exploit the MCP tool interface.
Recommendations
  • AI detected serious security threats
  • Contains 1 malicious URL(s) - DO NOT USE
Audit Metadata
Risk Level: CRITICAL
Analyzed: Feb 21, 2026, 11:22 AM