resonance-reviewer
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [Indirect Prompt Injection] (LOW): The skill is designed to process untrusted code from Pull Requests which could contain malicious instructions targeting the agent.
- Ingestion points: Processes repository files via
read_fileduring PR audits. - Boundary markers: Lacks explicit boundary markers or instructions to ignore embedded commands within the code being reviewed.
- Capability inventory: Possesses
run_command,write_file, andedit_filetools which could be abused if an injection is successful. - Sanitization: No evidence of input sanitization or validation for processed code files.
- [Command Execution] (LOW): The skill uses the
run_commandtool to perform automated checks such as linting and testing. - Evidence:
SKILL.mdidentifiesrun_commandas a tool and the 'Operational Sequence' includes executing CI checks (Lint, Test, Build). - Context: While this is a primary function of the skill, executing scripts (e.g.,
npm run lint) on untrusted branches carries an inherent risk of arbitrary code execution via compromised build configurations.
Audit Metadata