review
Fail
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: HIGHCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [Indirect Prompt Injection] (HIGH): The skill is designed to ingest and analyze untrusted code and diff context provided by users (Ingestion point: SKILL.md). It contains no boundary markers or instructions to ignore embedded commands, and no sanitization of the input is performed. Because the agent is granted the 'Bash' tool to 'inspect implementation' (Capability inventory: SKILL.md), this creates a significant surface for indirect prompt injection where malicious instructions in comments could be executed.
- [Command Execution] (HIGH): The skill provides the agent with access to the 'Bash' tool and explicitly instructs it to use the tool to inspect implementation, history, and tests (SKILL.md). An attacker providing a malicious code sample for review could embed shell commands that the agent would then execute with the privileges of its environment.
Recommendations
- AI detected serious security threats
Audit Metadata