agent-code-reviewer
Warn
Audited by Gen Agent Trust Hub on Mar 5, 2026
Risk Level: MEDIUM (COMMAND_EXECUTION, PROMPT_INJECTION)
Full Analysis
- [COMMAND_EXECUTION]: The instructions explicitly mandate that the agent must 'Execute/test the actual functionality' and verify that they 'Ran/built the code' using the Bash tool. This core functionality results in the execution of arbitrary code provided by the user or found in the repository, which can lead to system compromise if the code contains malicious payloads.
- [PROMPT_INJECTION]: The skill is highly vulnerable to indirect prompt injection because it is designed to ingest and process external code files, which may contain instructions targeting the agent.
  1. Ingestion points: code files, dependency manifests, and git diff output processed during the review.
  2. Boundary markers: absent. The instructions provide no delimiters and no guidance to ignore instructions embedded within the code being reviewed.
  3. Capability inventory: the agent has access to powerful tools including Bash (shell execution), Write/Edit (file modification), and WebFetch/WebSearch (network access).
  4. Sanitization: none. The skill performs no validation or sanitization of code content before interpreting or executing it.
Audit Metadata