jbct-review
Fail
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: HIGH (PROMPT_INJECTION)
Full Analysis
- [PROMPT_INJECTION] (HIGH): Vulnerable to Indirect Prompt Injection (Category 8).
- Ingestion points: The skill ingests untrusted data from the local file system using Glob to find all Java files (`**/*.java`) in the target path.
- Boundary markers: None. The files are listed directly under 'Files to review:' in the prompt without delimiters or instructions to ignore embedded commands, allowing malicious code comments to override the reviewer's instructions.
- Capability inventory: While the skill lacks direct shell execution or file-write capabilities, it has the high-privilege role of providing a 'Recommendation' (APPROVE/REQUEST CHANGES). A compromised review can lead to the introduction of malicious code into a codebase if this agent's output is trusted for merge decisions.
- Sanitization: Absent. There is no escaping or filtering of the content being read from the Java files.
- [DATA_EXFILTRATION] (LOW): The skill reads potentially sensitive source code and transmits it to other sub-agents. While this is the intended functionality, users should ensure the sub-agents and the underlying model provider are within their organization's trust boundary, as entire repositories may be exposed to the model context.
Recommendations
- AI detected serious security threats