requesting-code-review

Fail

Audited by Gen Agent Trust Hub on Feb 16, 2026

Risk Level: HIGH
Categories: PROMPT_INJECTION, COMMAND_EXECUTION
Full Analysis
  • PROMPT_INJECTION (HIGH): The skill provides a significant vector for Indirect Prompt Injection by interpolating untrusted workspace data into prompts that drive agent logic and decision-making.
      - Ingestion points: Untrusted data enters via the {WHAT_WAS_IMPLEMENTED} and {PLAN_OR_REQUIREMENTS} placeholders defined in SKILL.md.
      - Boundary markers: The instructions do not provide delimiters or clear boundaries to isolate untrusted content from the subagent's core operational logic.
      - Capability inventory: The subagent's output ('Ready to proceed', 'Fix Critical issues') directly influences high-privilege downstream actions, including further code modifications and merging.
      - Sanitization: There is no evidence of sanitization or escaping for the external content before it is processed.
  • COMMAND_EXECUTION (LOW): The skill requires the execution of local shell commands (git rev-parse, git log) to identify relevant code changes. While standard for this context, it confirms the agent's capability to execute shell subprocesses.
Recommendations
  • AI detected serious security threats
Audit Metadata
Risk Level
HIGH
Analyzed
Feb 16, 2026, 10:48 PM