receiving-code-review
Fail
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: HIGH
Category: PROMPT_INJECTION
Full Analysis
- Prompt Injection (HIGH): The skill is highly susceptible to Indirect Prompt Injection (Category 8) due to its core workflow of acting on external feedback.
- Ingestion points: Untrusted feedback from 'External Reviewers' (as defined in SKILL.md) is processed as instructions for the agent.
- Boundary markers: The skill lacks technical boundary markers or sanitization for external input; it relies on the agent 'verifying' instructions, which is a logic-based defense that can be bypassed by adversarial prompts.
- Capability inventory: The agent is empowered to modify the local codebase ('IMPLEMENT') and use the GitHub CLI ('gh api') to respond to threads, providing a high-impact path for an attacker who successfully injects instructions.
- Sanitization: None. The skill does not escape or validate the content of the external feedback before it influences the agent's implementation decisions.
Recommendations
- AI detected serious security threats