adversarial-review
Pass
Audited by Gen Agent Trust Hub on Mar 6, 2026
Risk Level: SAFEPROMPT_INJECTIONCOMMAND_EXECUTION
Full Analysis
- [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection. Attacker-controlled code being reviewed could potentially influence the agent roles.
- Ingestion points: The prompt templates in SKILL.md interpolate [CODE OR FILE REFERENCES] directly into the agent context.
- Boundary markers: The templates lack specific delimiters or instructions to the agents to ignore embedded natural language instructions within the code snippets.
- Capability inventory: The system involves spawning subagents via CLI and local file access for reading code and writing reports.
- Sanitization: There is no sanitization of the input code before it is passed to the agent prompts.
- [COMMAND_EXECUTION]: The skill provides instructions and a shell script template (run-review.sh) for users to create and execute on their local system to orchestrate the review process. While this is a documented feature, it involves manual execution of generated commands.
Audit Metadata