code-review-ai-ai-review
Pass
Audited by Gen Agent Trust Hub on Feb 27, 2026
Risk Level: SAFE
Findings: COMMAND_EXECUTION, PROMPT_INJECTION, EXTERNAL_DOWNLOADS
Full Analysis
- [COMMAND_EXECUTION]: The skill includes Python and Shell examples that execute external command-line tools such as sonar-scanner, semgrep, codeql, and trufflehog via subprocess.run and standard shell execution. These operations are aligned with the skill's core purpose of automating code quality and security reviews.
- [EXTERNAL_DOWNLOADS]: The CI/CD workflow examples reference trusted GitHub Actions, specifically actions/checkout@v4 and actions/github-script@v7. It also references official tools and libraries from well-known organizations including Anthropic and OpenAI, which are treated as safe sources.
- [PROMPT_INJECTION]: The skill contains an indirect prompt injection vulnerability (Category 8).
  - Ingestion points: Untrusted data from pull request diffs and descriptions are read directly into the agent's context within SKILL.md.
  - Boundary markers: The prompt templates do not utilize clear delimiters or instructions to ignore embedded commands within the ingested code or descriptions.
  - Capability inventory: The orchestrator has the capability to run shell commands, interact with the GitHub API to post comments, and perform network requests to AI model providers.
  - Sanitization: There is no evidence of sanitization or escaping of the code_diff or pr_description variables before they are interpolated into the final prompt strings.
Audit Metadata