peer-qa-review

Warn

Audited by Gen Agent Trust Hub on Apr 27, 2026

Risk Level: MEDIUM (REMOTE_CODE_EXECUTION, COMMAND_EXECUTION, PROMPT_INJECTION)
Full Analysis
  • [REMOTE_CODE_EXECUTION]: The script scripts/qa-gather.sh performs dynamic code loading by using the find command to search for Python scripts like qa-gather.py within the plugin cache and executing them with uv run. This creates a runtime dependency on files located at computed paths.
  • [COMMAND_EXECUTION]: Instructions in the skill's checklist (Stage 2, R2) tell the agent to re-run verification commands provided by implementers in Jira comments. This allows untrusted data to trigger shell command execution.
  • [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection due to its processing of untrusted Jira ticket content.
      1. Ingestion points: Ticket descriptions and comments are fetched via scripts/qa-gather.sh.
      2. Boundary markers: Absent. The skill lacks instructions to treat external data as untrusted or ignore embedded instructions.
      3. Capability inventory: The agent has access to powerful tools including Bash, Read, Write, and Edit.
      4. Sanitization: Absent. There is no validation or sanitization of content from the ticket system before processing.
Audit Metadata
Risk Level: MEDIUM
Analyzed: Apr 27, 2026, 08:47 PM