
ce-review

Warn

Audited by Gen Agent Trust Hub on Mar 15, 2026

Risk Level: MEDIUM
Findings: REMOTE_CODE_EXECUTION, PROMPT_INJECTION, COMMAND_EXECUTION
Full Analysis
  • [REMOTE_CODE_EXECUTION]: The skill dynamically identifies and executes sub-agents using names provided in the review_agents field of compound-engineering.local.md. Because this file is located within the repository being reviewed, a malicious actor could submit a Pull Request that modifies this configuration to trigger the execution of unintended agent tasks.
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection due to the way it processes external data.
    • Ingestion points: Pull request metadata (title, body, files) via gh pr view and the markdown body of compound-engineering.local.md.
    • Boundary markers: PR content and configuration context are passed to sub-agents without delimiters or instructions to ignore embedded commands.
    • Capability inventory: The skill can execute sub-agents via the Task tool, perform repository operations via the gh CLI, and write files using the Write tool and file-todos skill.
    • Sanitization: No sanitization or validation is performed on the ingested PR data before it is passed into the agent prompts.
  • [COMMAND_EXECUTION]: Executes shell commands via the GitHub CLI (gh) to perform actions like fetching PR metadata and checking out branches, which are influenced by the provided arguments.
Audit Metadata
Risk Level: MEDIUM
Analyzed: Mar 15, 2026, 06:10 AM