code-review
Fail
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: HIGHPROMPT_INJECTION
Full Analysis
- Indirect Prompt Injection (HIGH): The skill is highly vulnerable to instructions embedded in the data it processes.
- Ingestion points: Reads code diffs and file content from untrusted branches or pull requests (SKILL.md).
- Boundary markers: No delimiters or instructions are provided to the agent to distinguish between the code being reviewed and its own instructions.
- Capability inventory: The skill encourages the agent to 'Make targeted fixes' (file-write operations) based on the content of the diff.
- Sanitization: No evidence of input validation or sanitization to filter out executable natural language instructions found in code comments or strings.
Recommendations
- AI detected serious security threats
Audit Metadata