pre-submit-pr

Fail

Audited by Gen Agent Trust Hub on Feb 16, 2026

Risk Level: HIGH (COMMAND_EXECUTION)
Full Analysis
  • COMMAND_EXECUTION (HIGH): The skill explicitly instructs the agent to run shell scripts (.claude/hooks/lint.sh, .claude/hooks/test.sh, and .claude/hooks/check-debug.sh) that live in the target repository. Because these files are part of the data being processed, they are untrusted: an attacker who can modify them could have the agent execute malicious code on its host system.
  • Indirect Prompt Injection (HIGH): The skill reads and interprets multiple repository files (PRINCIPLES.md, INVARIANTS.md, etc.) to decide whether a PR is ready. Malicious instructions placed inside these files could manipulate the agent's logic, leading to bypassed security checks or fraudulent 'PASS' verdicts.
  • Boundary Markers (ABSENT): The skill provides no delimiters or instructions that would help the agent distinguish its own system instructions from content read out of the untrusted repository files.
Recommendations
  • AI detected serious security threats
Audit Metadata
  • Risk Level: HIGH
  • Analyzed: Feb 16, 2026, 11:30 AM