Skills
skills/tbsten/mir/mir-review-snippet/Gen Agent Trust Hub

mir-review-snippet

Pass

Audited by Gen Agent Trust Hub on Mar 12, 2026

Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADS
Full Analysis
  • [COMMAND_EXECUTION]: The skill executes npx mir sync <name> and npx mir install <name>. If the snippet name variable (<name>), which is derived from local files or metadata, contains shell metacharacters (e.g., ;, &, |), it could lead to arbitrary command execution.
  • [EXTERNAL_DOWNLOADS]: The use of npx mir involves the npx package runner, which may download the mir package from the npm registry if it is not present in the local environment.
  • [PROMPT_INJECTION]: The skill reads and analyzes files within .mir/snippets/. Since these files can contain arbitrary text, they serve as a vector for indirect prompt injection, where malicious instructions inside a snippet could attempt to subvert the agent's review logic.
  • Ingestion points: .mir/snippets/<name>.yaml and directory contents (SKILL.md)
  • Boundary markers: Absent
  • Capability inventory: Local file reading, file modification, and shell command execution (SKILL.md)
  • Sanitization: No explicit sanitization or validation of snippet content is mentioned before processing or inclusion in commands.
Audit Metadata
Risk Level
SAFE
Analyzed
Mar 12, 2026, 01:58 PM