skills/jeremylongshore/claude-code-plugins-plus-skills/performing-security-code-review/Gen Agent Trust Hub
performing-security-code-review
Warn
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: MEDIUM
Categories: COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- Dynamic Execution (MEDIUM): The file assets/example_code_vulnerable.py contains multiple dangerous execution patterns, including pickle.loads() and subprocess.run(..., shell=True).
  - Evidence: The script defines a MaliciousClass with a __reduce__ method returning (os.system, ("rm -rf /",)). This is a classic RCE payload that would execute if the agent deserializes the provided example string.
  - Context: These are provided as 'vulnerable examples', which aligns with the skill's primary purpose. Per the security analysis guidelines, the severity is kept at MEDIUM rather than HIGH because it is part of the intended educational use case, but the presence of live destructive payloads remains a risk.
- Indirect Prompt Injection (LOW): This skill is highly susceptible to Category 8 (Indirect Prompt Injection) because its core functionality involves ingesting and processing untrusted code for analysis.
  - Ingestion points: The skill analyzes user-provided code snippets and directory structures via the code_analyzer.py script.
  - Boundary markers: The SKILL.md instructions do not define clear delimiters or specific warnings to ignore instructions embedded within the code being analyzed.
  - Capability inventory: The skill is granted Bash(cmd:*), Write, and Edit permissions, providing a significant impact surface if an injection succeeds.
  - Sanitization: No explicit sanitization or pre-processing of the input code is described in the skill logic or the Python scripts.
- Command Execution (LOW): The skill explicitly requests the Bash(cmd:*) permission. While needed for 'security scans' and 'audits', the unrestricted wildcard (*) allows any command to be executed, which increases the risk if the agent is manipulated via prompt injection.
Audit Metadata