code-reviewer
Pass
Audited by Gen Agent Trust Hub on Mar 16, 2026
Risk Level: SAFE (COMMAND_EXECUTION, PROMPT_INJECTION)
Full Analysis
- [COMMAND_EXECUTION]: The session start hook executes a command to read project constraints from a local YAML file using the 'yq' utility.
  - Evidence: "yq -o=json '.constraints' .claude/config.yaml" in SKILL.md.
- [PROMPT_INJECTION]: The skill exhibits a surface for indirect prompt injection by ingesting data from a configuration file that could be controlled by an external actor.
  - Ingestion points: Reads '.constraints' from '.claude/config.yaml' during session start in SKILL.md.
  - Boundary markers: None present; the command echoes raw JSON output directly into the agent's context.
  - Capability inventory: Defined for agents performing code analysis, development, and quality assessment.
  - Sanitization: None; the skill does not validate or filter the configuration file content before display.