code-review
Warn
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: MEDIUM
Categories: EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- EXTERNAL_DOWNLOADS (MEDIUM): The 'Review Commands' section includes 'pip install radon'. Installing packages dynamically during execution is a risk as it relies on external registries and can be exploited via dependency confusion or supply chain attacks.
- PROMPT_INJECTION (LOW): The skill processes external, untrusted code. It lacks explicit boundary markers (e.g., XML tags or delimiters) to separate the code from instructions, creating a surface for indirect prompt injection via comments or strings in the reviewed files.
  1. Ingestion points: Processes user-provided source files via commands like 'grep' and general LLM context.
  2. Boundary markers: Absent. The skill does not define specific delimiters to isolate user code.
  3. Capability inventory: Execution of shell commands (grep, git, npm, pip, radon, cargo).
  4. Sanitization: None. The skill directly analyzes raw text input.
- COMMAND_EXECUTION (LOW): The skill utilizes several system commands ('grep', 'git diff', 'git log', 'npm audit', 'pip-audit', 'cargo audit') to perform its audit. While these align with the stated purpose, they represent an active execution profile that interacts with the filesystem and environment.
Audit Metadata