moai-core-code-reviewer
Pass
Audited by Gen Agent Trust Hub on Mar 2, 2026
Risk Level: SAFE
PROMPT_INJECTION, COMMAND_EXECUTION
Full Analysis
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection.
  - Ingestion points: Source code files are read using the Read and Glob tools for analysis.
  - Boundary markers: There are no specific delimiters or instructions defined to isolate the content of the analyzed files from the agent's primary instructions.
  - Capability inventory: The agent is authorized to use Write, Edit, and Bash tools, which increases the potential impact of a successful injection.
  - Sanitization: The skill does not perform sanitization or filtering of the content within the ingested files to prevent malicious instructions from being interpreted.
- [COMMAND_EXECUTION]: The skill performs local command execution to facilitate code quality checks.
  - Evidence: The script scripts/pre-review-check.sh executes git, pytest, ruff, mypy, and bandit in the local environment.
Audit Metadata