gerrit
Fail
Audited by Gen Agent Trust Hub on Feb 15, 2026
Risk Level: HIGHEXTERNAL_DOWNLOADSREMOTE_CODE_EXECUTIONCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [REMOTE_CODE_EXECUTION] (HIGH): The troubleshooting section advises downloading a script (commit-msg hook) from a remote placeholder URL (https://review.example.com/tools/hooks/commit-msg) and making it executable via chmod u+x. This pattern allows for the execution of arbitrary remote code.
- [COMMAND_EXECUTION] (HIGH): Installation instructions for Debian/Ubuntu systems use sudo apt install, which requires operations with administrative privileges.
- [PROMPT_INJECTION] (HIGH): The skill is vulnerable to Indirect Prompt Injection because it retrieves and processes commit messages and metadata from external Gerrit servers.
- Ingestion points: Results from gerrit query and downloaded patchsets.
- Boundary markers: No delimiters or explicit instructions to ignore embedded commands are present.
- Capability inventory: The skill executes shell commands through git-review and ssh.
- Sanitization: No input validation or sanitization is performed on data fetched from Gerrit.
Recommendations
- AI detected serious security threats
Audit Metadata