code-reviewer
Pass
Audited by Gen Agent Trust Hub on Mar 3, 2026
Risk Level: SAFE, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill instructs the agent to use `run_command` for executing static analysis tools such as `npx eslint` and `npx tsc`. While these are standard tools for code quality, they represent a vector for local command execution.
- [PROMPT_INJECTION]: The skill is susceptible to Indirect Prompt Injection (Category 8) because its primary function involves processing untrusted source code provided by users or external repositories.
  - Ingestion points: Uses the `read_file` and `grep` tools to ingest arbitrary source code into the LLM context.
  - Boundary markers: No explicit delimiters or system instructions are provided to the agent to distinguish between the code being analyzed and potential instructions embedded within that code.
  - Capability inventory: The agent possesses the capability to run shell commands (`run_command`) and modify files (`edit_file`), which could be targeted by a successful injection.
  - Sanitization: There is no evidence of sanitization, filtering, or instruction-stripping performed on the ingested code before it is interpreted by the agent.
Audit Metadata