code-review

Warn

Audited by Gen Agent Trust Hub on Apr 19, 2026

Risk Level: MEDIUM

Categories: COMMAND_EXECUTION, REMOTE_CODE_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill instructs the agent to use the Shell tool to run various CLI utilities including git, gh (GitHub CLI), and cargo. These tools provide broad access to the local system and external repositories.
  • [REMOTE_CODE_EXECUTION]: In references/rust/toolchain-setup.md, the instructions direct the agent to 'run all of these yourself' against the code under review, including cargo test and cargo clippy. Executing tests or build processes on untrusted code (e.g., from a third-party GitHub PR) is a high-risk activity, as malicious projects can use build.rs scripts or test suites to execute arbitrary code on the host machine.
  • [PROMPT_INJECTION]: The skill is vulnerable to Indirect Prompt Injection (Category 8) because it ingests and processes untrusted text from source code files and git diffs.
    • Ingestion points: Untrusted data enters the context via git diff, gh pr diff, and the Read tool when scanning project files.
    • Boundary markers: The skill lacks explicit instructions or delimiters to prevent the agent from following 'instructions' embedded as comments or strings within the code being reviewed.
    • Capability inventory: The agent has access to the Shell tool, which could be exploited if an injection attack successfully manipulates the agent's behavior.
    • Sanitization: No sanitization or safety-filtering is performed on the ingested code content before it is processed by the LLM.
Audit Metadata
Risk Level
MEDIUM
Analyzed
Apr 19, 2026, 08:02 PM