vibe-coder-sdlc
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE
COMMAND_EXECUTION PROMPT_INJECTION
Full Analysis
- Command Execution (LOW): The agents (specifically `code-review-agent` and `git-workflow-agent`) use shell commands to perform their tasks. While these commands are standard for developer tools, they represent a potential attack surface if parameters like branch names or PR numbers are derived from untrusted input.
- Indirect Prompt Injection (LOW): The `code-review-agent` reads pull request diffs to perform code reviews. This creates a surface where an attacker can embed malicious instructions within code comments or diff content to influence the agent's behavior.
  - Ingestion points: `gh pr diff <number>` in `references/code-review-agent.md`.
  - Boundary markers: Absent. The instructions do not specify delimiters or warnings to ignore embedded instructions in the diff data.
  - Capability inventory: The agents can execute `git` commands, `gh` commands (create PRs, comment, merge), and file system checks (`ls`).
  - Sanitization: No sanitization or validation of the diff content or PR metadata is mentioned before processing.
Audit Metadata