universal-code-reviewer
Fail
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: HIGH (PROMPT_INJECTION, COMMAND_EXECUTION)
Full Analysis
- [PROMPT_INJECTION] (HIGH): Indirect Prompt Injection surface. The skill instructions mandate that 'Project Rules' (PHASE 1) take highest priority and explicitly forbid the AI from using its 'internal knowledge' to override them. This allows an attacker with write access to a repository to embed malicious instructions in project-specific rule files that the agent will then obey during the code review process. Evidence Chain:
  1. Ingestion: Reads files from {project_root} to determine rules.
  2. Boundaries: Explicitly absent; instructions command the agent to ignore internal safety in favor of external rules.
  3. Capabilities: Decisions with side effects (Block/Approve CRs) and script execution.
  4. Sanitization: None detected.
- [COMMAND_EXECUTION] (MEDIUM): Mandated local script execution. The skill requires the use of run_command to execute scripts/rule_manager.py. While the script is intended to be local, it was not provided for analysis, making its path handling and potential for secondary command injection or network downloads unverifiable.
Recommendations
- AI detected serious security threats
Audit Metadata