vendure-graphql-reviewing
Pass
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: LOW
Full Analysis
- [COMMAND_EXECUTION] (LOW): The skill utilizes standard POSIX commands (
find,grep,head) to search for code patterns. These operations are limited to read-only access of the local project directory and are appropriate for the tool's stated purpose of auditing code quality. - [INDIRECT_PROMPT_INJECTION] (LOW): The skill processes external content (source code). While it has no write or exfiltration capabilities, there is an inherent risk that an agent reviewing maliciously crafted source code could be influenced by instructions embedded in comments. This is a common characteristic of code review skills rather than a specific malicious intent in the instruction file.
- [DATA_EXPOSURE] (SAFE): Analysis of the grep patterns shows they target architectural anti-patterns (missing context, missing transactions) rather than searching for credentials or sensitive system files.
Audit Metadata