code-quality-specialist

Warn

Audited by Gen Agent Trust Hub on Feb 17, 2026

Risk Level: MEDIUM
Findings: COMMAND_EXECUTION, REMOTE_CODE_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION] (MEDIUM): The sub-skills code-reviewer, code-archaeologist, and test-results-analyzer are provided with Bash tool access. The instructions specifically guide the agent to run project-specific commands like npm test, pytest, and go test. This creates a risk where malicious code in a project's build or test configuration (e.g., package.json scripts) could be executed by the agent.
  • [REMOTE_CODE_EXECUTION] (MEDIUM): The skill's primary function involves executing code from the external repositories it analyzes. In the context of an untrusted repository, this constitutes a vector for remote code execution within the agent's environment.
  • [PROMPT_INJECTION] (LOW): The skill lacks security boundaries when processing external code and logs. An attacker could embed instructions in code comments or metadata to manipulate the agent's analysis or output.
    • Ingestion points: Codebase files accessed via Read, Grep, and LS tools (e.g., in core_code-archaeologist.md).
    • Boundary markers: Absent; no delimiters or warnings to ignore instructions within analyzed files are present in the prompt templates.
    • Capability inventory: Bash, Write, Edit, MultiEdit, NotebookEdit, and TodoWrite tools across various sub-agents.
    • Sanitization: None; the agent processes and interprets raw file content and log data directly.
Audit Metadata
Risk Level: MEDIUM
Analyzed: Feb 17, 2026, 06:07 PM