multiversx-diff-review
Fail
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: HIGHCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- PROMPT_INJECTION (HIGH): The skill exposes a significant surface for Indirect Prompt Injection. 1. Ingestion points: Analyzes git diffs and external source code as specified in its review workflow. 2. Boundary markers: Absent; there are no instructions to delimit or ignore instructions within the code being reviewed. 3. Capability inventory: Recommends executing
sc-meta testandcargo tarpaulin. 4. Sanitization: Absent. Malicious instructions embedded in code comments or PR descriptions could influence the agent's review results or trigger dangerous capabilities. - COMMAND_EXECUTION (HIGH): The skill suggests running
sc-meta testandcargo tarpaulinon changes. Because these tools execute the code's own test suite, they allow a malicious codebase to achieve arbitrary code execution in the agent's environment.
Recommendations
- AI detected serious security threats
Audit Metadata