agent-reviewer

Warn

Audited by Gen Agent Trust Hub on Feb 17, 2026

Risk Level: MEDIUM (COMMAND_EXECUTION, PROMPT_INJECTION)
Full Analysis
  • Command Execution (MEDIUM): The pre hook (echo "👀 Reviewer agent analyzing: $TASK") interpolates the $TASK environment variable directly into a shell execution context. If $TASK contains shell metacharacters such as backticks or command substitution ($(...)), it could lead to arbitrary command execution in the host environment where the hook runs.
  • Prompt Injection (LOW): The skill is vulnerable to Indirect Prompt Injection (Category 8) because its primary function is to ingest and process untrusted external code.
      • Ingestion points: The $TASK variable in the pre-hook and the source code snippets provided to the agent for analysis.
      • Boundary markers: Absent; no delimiters or explicit instructions are provided to the agent to prevent it from following instructions embedded within the code being reviewed.
      • Capability inventory: The agent has access to memory storage via the memory_store hook and MCP tools (mcp__claude-flow__memory_usage), and code analysis tools (mcp__claude-flow__github_repo_analyze).
      • Sanitization: Absent; input is processed directly without escaping or filtering of potentially malicious instructions.
Audit Metadata
Risk Level: MEDIUM
Analyzed: Feb 17, 2026, 06:13 PM