adversarial-review

Warn

Audited by Gen Agent Trust Hub on Mar 3, 2026

Risk Level: MEDIUM
Findings: COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill invokes the codex exec and claude CLI tools to perform adversarial reviews. It supports the --profile edit flag for codex exec, which allows the reviewer to execute tests on the code under review; because the reviewer acts on the content of the diffs or workspace files, this can lead to unintended code execution within the environment.
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it interpolates untrusted data from diffs and user messages directly into the prompts sent to the external CLI reviewers.
  • Ingestion points: Recent diffs, plans, and user messages identified in Step 2 of SKILL.md.
  • Boundary markers: Absent. The reviewer prompt template does not use delimiters to isolate untrusted content from instructions.
  • Capability inventory: Shell command execution via codex and claude CLIs, and file system modifications in /tmp via mktemp and output redirection.
  • Sanitization: There is no evidence of sanitization or escaping of the data incorporated into the shell commands or the review prompts; if that content contains shell metacharacters, this could lead to command injection.
Audit Metadata
Risk Level: MEDIUM
Analyzed: Mar 3, 2026, 01:35 AM