
code-reviewer

Warn

Audited by Gen Agent Trust Hub on Feb 17, 2026

Risk Level: MEDIUM
Findings: COMMAND_EXECUTION, REMOTE_CODE_EXECUTION, PROMPT_INJECTION
Full Analysis
  • COMMAND_EXECUTION (MEDIUM): The skill executes `npm run preflight` as part of the review workflow. This command runs scripts defined in the project's package.json file. If an attacker submits a Pull Request that modifies the preflight script, the agent will execute the attacker's commands when it runs that script after checking out the PR.
  • REMOTE_CODE_EXECUTION (MEDIUM): The combination of `gh pr checkout` followed by `npm run preflight` allows for remote code execution. An attacker can craft a malicious PR that, when checked out and tested by the agent, executes arbitrary code on the host machine.
  • PROMPT_INJECTION (LOW): The skill is susceptible to Indirect Prompt Injection (Category 8).
    ◦ Ingestion points: Untrusted data enters the agent's context through PR descriptions, comments, and the source code changes themselves.
    ◦ Boundary markers: Absent. The instructions do not specify any delimiters or safety prompts to prevent the agent from following instructions embedded in the PR data.
    ◦ Capability inventory: The agent has access to the local file system (git), network tools (gh), and shell execution (npm).
    ◦ Sanitization: Absent. There is no evidence of sanitization or validation of the PR content before it is read and processed by the agent.
Audit Metadata
Risk Level: MEDIUM
Analyzed: Feb 17, 2026, 06:15 PM