ai-code-reviewer
Fail
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: HIGH
Tags: PROMPT_INJECTION, DATA_EXFILTRATION, EXTERNAL_DOWNLOADS, NO_CODE
Full Analysis
- Indirect Prompt Injection (HIGH): The skill is highly vulnerable to instructions embedded within the code it analyzes. Malicious comments in a processed code snippet could override the agent's logic or force it to report a false 'SAFE' status.
- Evidence Chain:
  - Ingestion points: The tools analyze_code_with_codex, analyze_code_with_gemini, and analyze_code_combined take raw code as input.
  - Boundary markers: Absent. There is no evidence of delimiters or 'ignore' instructions for the external content.
  - Capability inventory: The skill produces 'Full Audit' reports and 'Security Scan' results which influence user trust and merging decisions.
  - Sanitization: No sanitization of the input code is described.
- Data Exfiltration & Exposure (MEDIUM): The skill's primary function is sending local code snippets to external AI models (OpenAI/Google). This constitutes a data exposure risk for proprietary or sensitive source code.
- External Downloads & Dependencies (LOW): The skill requires pre-installed 'Codex CLI' and 'Gemini CLI'. While Google-Gemini is a trusted source, the specific provenance of the 'Codex CLI' is not provided, posing a potential supply chain risk.
- No Code Provided (INFO): The submission contains only documentation (SKILL.md) and no executable script files. The actual behavior of the MCP tools and their handling of data cannot be verified.
Recommendations
- AI detected serious security threats
Audit Metadata