pessimistic-code-review
Pass
Audited by Gen Agent Trust Hub on Apr 3, 2026
Risk Level: SAFE
COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill executes project-specific test commands (e.g., pytest, npm test, php artisan test, go test) to independently verify code functionality. These commands are executed in the local environment as part of the Phase 3 verification process.
- [PROMPT_INJECTION]: The skill contains a behavioral override instruction requiring the agent to always respond in Italian regardless of the user's language setting, which restricts standard agent interaction behavior.
- [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection because it processes untrusted inputs—such as pull request descriptions, task specifications, and code diffs—while possessing high-privilege capabilities like file writing and command execution.
  - Ingestion points: Untrusted data enters the context via the task specification (PR body, ticket) and the code files or diffs being reviewed (SKILL.md).
  - Boundary markers: No explicit delimiters or markers are used to isolate untrusted input content from the agent's logic, increasing the risk of the agent following embedded instructions.
  - Capability inventory: The agent can execute shell commands for testing and modify files to apply fixes (SKILL.md, Steps 5 and 6).
  - Sanitization: There is no specified logic for sanitizing or escaping external content before it is interpolated into prompts.