Skills
skills/miracloon/my-vibecoding/governance-docs-codex-review/Gen Agent Trust Hub

governance-docs-codex-review

Fail

Audited by Gen Agent Trust Hub on Feb 16, 2026

Risk Level: HIGHPROMPT_INJECTIONCOMMAND_EXECUTION
Full Analysis
  • PROMPT_INJECTION (HIGH): The skill implements a dangerous automated update mechanism vulnerable to Indirect Prompt Injection (Category 8).
  • Ingestion points: Contents of files at {README_PATH}, {CLAUDE_PATH}, and {GOVERNANCE_DOCS_LIST} are ingested into the agent context for review.
  • Boundary markers: No delimiters or safety instructions are used to distinguish untrusted document content from the skill's logic.
  • Capability inventory: The skill possesses the capability to overwrite local files, specifically targeting AGENTS.md (a core instruction file) and creating vN-review.md reports.
  • Sanitization: No sanitization, validation, or filtering is performed on the content of CLAUDE.md before it is copied to AGENTS.md in Step 0.
  • COMMAND_EXECUTION (MEDIUM): Step 0 directs the agent to execute shell-level operations, including git for change detection and file system commands for overwriting configuration files. While these are functional requirements, they serve as the delivery mechanism for malicious instructions ingested through the injection surface.
Recommendations
  • AI detected serious security threats
Audit Metadata
Risk Level
HIGH
Analyzed
Feb 16, 2026, 10:23 AM