correctness-reviewer

Pass

Audited by Gen Agent Trust Hub on Apr 4, 2026

Risk Level: SAFE
PROMPT_INJECTION, COMMAND_EXECUTION
Full Analysis
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it is designed to ingest and analyze untrusted code. An attacker could place malicious instructions within code comments or data structures to trick the agent into executing unintended commands.
      • Ingestion points: Processes external code provided via user input or retrieved using the Read, Grep, and Glob tools (SKILL.md).
      • Boundary markers: No specific delimiters or instructions are provided to the agent to differentiate between the code being reviewed and its own operating instructions.
      • Capability inventory: The agent has access to the Bash tool, enabling shell command execution, as well as file system access tools (SKILL.md).
      • Sanitization: There are no instructions for sanitizing or escaping the content of the code before it is processed by the agent.
  • [COMMAND_EXECUTION]: The skill configuration allows access to the Bash tool. While this is likely intended for running tests or analysis scripts, it provides a high-privilege execution environment that could be exploited if the agent is compromised via indirect prompt injection. (Evidence: tools: Read, Grep, Glob, Bash in SKILL.md)
Audit Metadata
Risk Level: SAFE
Analyzed: Apr 4, 2026, 01:30 AM