code-review
Fail
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: HIGHPROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION] (HIGH): Vulnerable to Indirect Prompt Injection (Category 8) due to the handling of external data.
- Ingestion points: The skill ingests untrusted code changes, diffs, and project structures from pull requests or merge requests as specified in SKILL.md.
- Boundary markers: None. The prompt does not utilize delimiters (like XML tags or specific markers) or explicit instructions to ignore embedded commands within the code being reviewed.
- Capability inventory: The skill generates structured feedback, including line numbers and concrete improvements. When integrated into CI/CD platforms, this feedback can influence merge decisions or trigger automated workflows.
- Sanitization: No sanitization or escaping of the ingested code content is performed before the agent processes it.
- [CREDENTIALS_UNSAFE] (LOW): While the skill correctly identifies hardcoded secrets as a security risk to report, it has no protections to prevent an attacker from including real credentials in a PR to test if the agent exfiltrates them or if the underlying model logs them.
Recommendations
- AI detected serious security threats
Audit Metadata