claude-review

Warn

Audited by Gen Agent Trust Hub on Mar 25, 2026

Risk Level: MEDIUM
Findings: COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill interpolates user-controlled input from the focus parameter directly into shell commands. If a user provides malicious input that includes shell metacharacters (e.g., semicolons, backticks), they can execute arbitrary commands on the host system.
  • Evidence: The commands in SKILL.md (Step 1 and Step 4) use ${FOCUS} inside double-quoted strings within a bash context.
  • [PROMPT_INJECTION]: The skill processes untrusted project data and passes it to an external LLM (Claude) without sufficient protection against adversarial instructions embedded in the code.
  • Ingestion points: git diff, git show, and git ls-files in SKILL.md ingest the current project's codebase.
  • Boundary markers: Absent; the code changes are piped directly into the claude prompt without clear delimiters or 'ignore' instructions.
  • Capability inventory: The skill utilizes Bash, Write, Edit, and Read tools, which could be abused if the agent follows instructions found within the reviewed code.
  • Sanitization: Absent; the skill performs no escaping or validation of the code content before passing it to the CLI tool.
Audit Metadata
  • Risk Level: MEDIUM
  • Analyzed: Mar 25, 2026, 08:48 AM