PR Review
Fail
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: HIGH
Tags: REMOTE_CODE_EXECUTION, COMMAND_EXECUTION, EXTERNAL_DOWNLOADS
Full Analysis
- [Remote Code Execution] (HIGH): The skill performs build verification and testing by running 'make oc' and 'make test'. These commands execute shell instructions defined in the Makefile of the repository being reviewed. An attacker can craft a Pull Request containing a malicious Makefile that executes arbitrary shell commands (e.g., reverse shells or data exfiltration) when these targets are called.
- [Indirect Prompt Injection] (HIGH): This skill processes untrusted PR data and has high-privilege execution capabilities.
  - Ingestion points: The skill reads PR source code, git diff output, and configuration files such as go.mod and the Makefile.
  - Boundary markers: Absent. There are no instructions to the agent to isolate the code or ignore embedded instructions.
  - Capability inventory: Full shell execution via the 'make' and 'go' binaries.
  - Sanitization: Absent. The skill does not validate or sanitize the Makefile or dependency files before execution.
- [External Downloads] (MEDIUM): Running 'go mod tidy' triggers the Go toolchain to resolve and download external modules. In an untrusted PR context, this can be exploited to pull in malicious dependencies or trigger network requests to attacker-controlled domains via custom module proxies or dependency substitution.
Recommendations
- AI detected serious security threats
Audit Metadata