NYC

clojure-review

Fail

Audited by Gen Agent Trust Hub on Feb 16, 2026

Risk Level: HIGH
Findings: PROMPT_INJECTION, COMMAND_EXECUTION
Full Analysis
  • PROMPT_INJECTION (HIGH): The skill is highly susceptible to Indirect Prompt Injection because it is designed to ingest and act upon untrusted external data (Clojure code diffs) while having access to system-level tools.
    * Ingestion points: Code changes read via Read and Grep tools from local files.
    * Boundary markers: Absent; there are no instructions to the agent to distinguish between its configuration and the content of the files it is reviewing.
    * Capability inventory: Includes 'Bash', 'Read', 'Grep', and 'Glob', providing a path for an attacker to execute shell commands if the agent follows instructions hidden in code comments.
    * Sanitization: Absent; no logic exists to filter out prompt-like structures in the data being reviewed.
  • COMMAND_EXECUTION (MEDIUM): The skill explicitly grants the agent 'Bash' tool access. While the skill's purpose is code review, the unrestricted nature of this tool, when combined with the ingestion of untrusted code, creates a risk of arbitrary command execution if the agent's logic is subverted.
Recommendations
  • AI detected serious security threats
Audit Metadata
Risk Level
HIGH
Analyzed
Feb 16, 2026, 11:10 AM