review-and-commit
Warn
Audited by Gen Agent Trust Hub on Apr 17, 2026
Risk Level: MEDIUM
COMMAND_EXECUTION, REMOTE_CODE_EXECUTION, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill automatically detects and executes project-local scripts and binary wrappers such as `./gradlew` and `./mvnw` based on the project's file structure (SKILL.md Steps 4, 5, and 6). Executing these scripts from an untrusted repository could result in arbitrary code execution on the host system.
- [REMOTE_CODE_EXECUTION]: The skill uses commands like `npm test` and `npm run lint` which execute scripts defined in the `package.json` file. These scripts can be easily modified to include malicious shell commands that the agent will trigger automatically during its workflow.
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection (Category 8) because it analyzes untrusted code changes for its review process.
  - Ingestion points: Changes retrieved via `git diff HEAD` and `git status` (SKILL.md Step 1).
  - Boundary markers: Absent. The skill does not implement delimiters or specific instructions to isolate or ignore natural language commands embedded within the code being analyzed.
  - Capability inventory: The skill has the ability to execute shell commands (git, npm, gradlew, pytest, etc.), modify files, and perform git commits.
  - Sanitization: Absent. Code content from the diff is processed directly by the model without escaping or validation.
Audit Metadata