afrexai-code-reviewer
Fail
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: HIGH
Tags: PROMPT_INJECTION, DATA_EXFILTRATION, COMMAND_EXECUTION, NO_CODE
Full Analysis
- PROMPT_INJECTION (HIGH): High-risk surface for indirect prompt injection. 1. Ingestion points: GitHub PRs, local diffs, and pasted code. 2. Boundary markers: none identified. 3. Capability inventory: automated scoring, decision-making, and interaction with the 'gh' CLI. 4. Sanitization: none identified. An attacker could embed malicious instructions in a PR to hijack the agent's review logic.
- DATA_EXFILTRATION (HIGH): The skill accesses highly sensitive data, including private source code and local Git configurations. Use of the 'gh' CLI implies access to GitHub authentication tokens, creating a significant credential exposure risk. Evidence: README.md mentions 'GitHub & local git integration'.
- COMMAND_EXECUTION (MEDIUM): The skill executes system-level commands through the 'gh' CLI and local git. If command arguments are derived from untrusted PR data without validation, it could lead to command injection.
- Persistence Mechanisms (MEDIUM): The README explicitly mentions 'Heartbeat/cron ready' capabilities, which encourages users or agents to configure scheduled tasks, a common method for maintaining unauthorized persistence on a system. |
- Metadata Poisoning (MEDIUM): The documentation contains links to unverified GitHub Pages sites (afrexai-cto.github.io) and promotes paid 'SaaS Context Packs' ($47), luring users toward unvetted and potentially malicious third-party content.
Recommendations
- AI detected serious security threats
Audit Metadata