qa-reviewer
Warn
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: MEDIUM
COMMAND_EXECUTION
Full Analysis
- [Dynamic Execution] (MEDIUM): The skill executes a Python script via `python3 -c` to count markdown code blocks in `references/full-guide.md`. Executing dynamically provided code strings at runtime is a notable risk factor.
- [Data Exposure & Exfiltration] (LOW): The skill reads internal configuration files within the `.agents/` directory (e.g., `cat .agents/SYSTEM/critical/CRITICAL-NEVER-DO.md`). While intended for project rule verification, this demonstrates a capability to access internal system files.
- [Indirect Prompt Injection] (LOW): The skill is designed to process untrusted workspace data without explicit sanitization or boundary markers, making it a surface for injection attacks.
  - Ingestion points: Local markdown and source files read via `cat`, `grep`, and `python` (in `references/full-guide.md`).
  - Boundary markers: Absent; the agent is instructed to read files directly into the context.
  - Capability inventory: `bash`, `python3`, `grep`, `git`, `ls`, and `find` commands across all files.
  - Sanitization: No sanitization or escaping of external content is performed before interpolation or processing.
Audit Metadata