code-quality-workflow
Fail
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: HIGH (PROMPT_INJECTION, COMMAND_EXECUTION)
Full Analysis
- [Indirect Prompt Injection] (HIGH): The skill is highly vulnerable to indirect prompt injection as it ingests untrusted source code as primary input for analysis, review, and improvement tasks. Evidence: Found in ingestion points in analyze-code.md (Scan step), code-review.md (Review Process), and quality-improve.md (Analyze step). Capability: The skill has significant capabilities including file modification via Edit/MultiEdit and command execution via the Bash tool. Boundary Markers: There are no instructions for the agent to treat code as data only or to ignore natural language instructions embedded in comments. Sanitization: No sanitization or filtering of external content is specified.
- [Command Execution] (MEDIUM): The skill explicitly enables the Bash tool for running external analysis tools. Evidence: Found in analyze-code.md under the Tool Coordination section. Risk: While intended for static analysis, this capability increases the potential impact of a prompt injection attack by providing a direct execution vector.
Recommendations
- AI detected serious security threats