reviewing-code

Fail

Audited by Gen Agent Trust Hub on Feb 13, 2026

Risk Level: HIGH
Findings: PROMPT_INJECTION, NO_CODE
Full Analysis
  • [PROMPT_INJECTION] (HIGH): The skill is susceptible to Indirect Prompt Injection. Ingestion points: It reads external source code and PR descriptions (SKILL.md). Boundary markers: There are no defined delimiters to prevent the agent from interpreting comments in the code as instructions. Capability inventory: The skill can 'Post comments to GitHub PR' and 'Create tasks' (SKILL.md, After Review), providing a path for an attacker to trigger unauthorized actions. Sanitization: No sanitization or escaping of the processed code is mentioned.
  • [NO_CODE] (INFO): The skill consists entirely of markdown instructions without executable scripts or dependency files.
Recommendations
  • AI detected serious security threats
Audit Metadata
  • Risk Level: HIGH
  • Analyzed: Feb 13, 2026, 01:30 PM