code-review
Fail
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: HIGH
Findings: COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- Indirect Prompt Injection (HIGH): The skill is highly vulnerable to indirect prompt injection because it ingests untrusted code from the 'src/' directory and documentation while possessing command execution capabilities. Evidence chain:
  1. Ingestion points: 'src/' files and 'docs/functional-design.md'.
  2. Boundary markers: absent.
  3. Capability inventory: execution of 'npm run test:coverage' and file writing to 'docs/'.
  4. Sanitization: absent.
- Command Execution (HIGH): The skill triggers the execution of 'npm run test:coverage' based on the untrusted repository's configuration. A malicious 'package.json' or test script could lead to arbitrary command execution on the host machine.
Recommendations
- AI detected serious security threats
Audit Metadata