cy-fix-reviews
Pass
Audited by Gen Agent Trust Hub on Apr 15, 2026
Risk Level: SAFEPROMPT_INJECTIONCOMMAND_EXECUTION
Full Analysis
- [PROMPT_INJECTION]: The skill processes issue files containing external PR review comments, creating an indirect prompt injection surface.
- Ingestion points: Untrusted data enters the agent context through issue files located in the .compozy/tasks/ directory.
- Boundary markers: The instructions lack explicit delimiters or warnings to ignore embedded instructions in the review content.
- Capability inventory: The skill possesses significant capabilities, including project-wide file modification and the execution of shell commands.
- Sanitization: No sanitization or validation of the review file content is performed before processing.
- [COMMAND_EXECUTION]: The workflow triggers the execution of the repository's real verification commands through cy-final-verify. This execution primitive is a standard development capability but could be exploited if malicious commands are injected into the review files or if the repository's build scripts are compromised.
Audit Metadata