reviewer
Fail
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: CRITICAL
PROMPT_INJECTION
Full Analysis
- Indirect Prompt Injection (LOW): The skill creates an attack surface by processing untrusted external data (PR code) alongside the capability to execute local scripts.
  1. Ingestion points: Source code changes and PR descriptions are ingested during the review SOP (FLOW.md).
  2. Boundary markers: There are no explicit delimiters or instructions to ignore embedded commands within the code being audited.
  3. Capability inventory: The skill executes several scripts (scripts/check-openapi-sync.js, scripts/lighthouse-ci.sh, and scripts/checks/*.js|sh) to perform analysis as part of its core functionality.
  4. Sanitization: The instructions do not mention sanitizing or escaping the untrusted code content before it is passed to the execution environment.
- Safe (SAFE): The automated scanner alert for 'logger.info' is a false positive; 'logger.info' is a standard programmatic logging pattern, not a malicious URL.
Recommendations
- Contains 1 malicious URL(s) - DO NOT USE
Audit Metadata