reviewer
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE, PROMPT_INJECTION, COMMAND_EXECUTION, NO_CODE
Full Analysis
- Prompt Injection (LOW): The skill is susceptible to Indirect Prompt Injection (Category 8) because it is designed to ingest and process untrusted code snippets from external sources for review. Evidence Chain: (1) Ingestion points: Code snippets or files provided by users via /rev or /reviewer commands. (2) Boundary markers: Absent; there are no instructions to use delimiters or to ignore instructions embedded within the reviewed code. (3) Capability inventory: The skill instructions suggest running local shell commands (grype, trivy). (4) Sanitization: Absent.
- Command Execution (LOW): The skill explicitly instructs the agent to run local CLI tools such as `grype .`, `trivy fs .`, and `npm audit`. While these are standard security tools, they constitute a command execution surface. Since this is aligned with the primary purpose of the skill, the severity is kept at LOW.
- No Code (SAFE): The skill consists exclusively of a Markdown file (SKILL.md) containing role definitions and instructions. It does not include any accompanying Python, JavaScript, or shell script files.