code-review

Fail

Audited by Gen Agent Trust Hub on Feb 16, 2026

Risk Level: HIGH (PROMPT_INJECTION, COMMAND_EXECUTION)
Full Analysis
  • PROMPT_INJECTION (HIGH): The skill is designed to ingest and process external, untrusted content (source code and pull requests) without implementing boundary markers or explicit sanitization instructions. This creates a significant surface for indirect prompt injection attacks.
      • Ingestion points: Source code changes, pull request descriptions, and commit metadata.
      • Boundary markers: None present in the instructions.
      • Capability inventory: The agent is granted access to high-privilege tools: bash and git.
      • Sanitization: No input validation or filtering is specified.
  • COMMAND_EXECUTION (HIGH): The skill grants the agent the ability to execute shell commands via bash and perform repository operations via git. In an adversarial scenario, an attacker could embed malicious instructions in the code being reviewed (e.g., in a string literal or comment) that the agent might inadvertently execute, potentially leading to unauthorized file access or data exfiltration.
Recommendations
  • AI detected serious security threats
Audit Metadata
  • Risk Level: HIGH
  • Analyzed: Feb 16, 2026, 01:34 PM