Skills
skills/pedronauck/skills/adversarial-review/Gen Agent Trust Hub

adversarial-review

Pass

Audited by Gen Agent Trust Hub on Mar 18, 2026

Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill uses shell commands to invoke external CLI tools (codex exec and claude) and standard utilities (mktemp, ls) for its core review workflow as documented in SKILL.md.\n- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection (Category 8) due to the processing of untrusted codebase data.\n
  • Ingestion points: Untrusted data enters the context from recent code diffs, referenced plans, and user messages in SKILL.md (Step 2 and 3).\n
  • Boundary markers: The reviewer prompt template does not utilize distinct boundary markers or specific instructions to prevent the model from following commands embedded within the code being reviewed.\n
  • Capability inventory: The skill possesses the capability to execute subprocesses via the codex and claude CLIs as specified in SKILL.md.\n
  • Sanitization: No sanitization, escaping, or validation logic is applied to the external content before it is placed into the prompt template.
Audit Metadata
Risk Level
SAFE
Analyzed
Mar 18, 2026, 01:46 AM