code-reviewer
Fail
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: HIGH (COMMAND_EXECUTION, PROMPT_INJECTION)
Full Analysis
- COMMAND_EXECUTION (MEDIUM): The skill automatically executes the yq command during SessionStart to read .claude/config.yaml.
  - Evidence: command: if command -v yq && [ -f ".claude/config.yaml" ]; then yq -o=json '.constraints' .claude/config.yaml.
  - Risk: Processing untrusted project files with system tools can lead to behavior manipulation if the configuration is malicious.
- PROMPT_INJECTION (HIGH): The skill is vulnerable to Indirect Prompt Injection (Category 8) because it ingests and processes untrusted external data (code) while having command execution capabilities.
  - Ingestion points: Untrusted source code files provided for review and .claude/config.yaml.
  - Boundary markers: No explicit delimiters or 'ignore instructions' warnings are present in the methodology.
  - Capability inventory: Shell command execution via yq.
  - Sanitization: No sanitization or validation of external code content or configuration data is implemented.
Recommendations
- AI detected serious security threats
Audit Metadata