review-gemini
Pass
Audited by Gen Agent Trust Hub on Apr 11, 2026
Risk Level: SAFEREMOTE_CODE_EXECUTIONCOMMAND_EXECUTIONEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
- [REMOTE_CODE_EXECUTION]: The skill uses the
bunxutility to download and execute the@willbooster/agent-skillspackage from the npm registry at runtime. - [COMMAND_EXECUTION]: Executes shell commands via the
Bashtool to perform the review. The instructions include a specific directive to not stop the command for at least one hour, which is an unusual requirement that forces the agent to keep a process active for an extended period. - [EXTERNAL_DOWNLOADS]: Fetches the
@willbooster/agent-skillspackage from the npm registry using the@latesttag, which lacks version pinning and always pulls the most recent code. - [PROMPT_INJECTION]: The skill exposes an indirect prompt injection surface because it processes untrusted content from the codebase being reviewed. 1. Ingestion points: Code files within the current branch. 2. Boundary markers: Absent; there are no instructions to the agent to differentiate between the code content and instructions. 3. Capability inventory: The
Bashtool is available to the agent for executing commands. 4. Sanitization: Absent; no sanitization or content validation is performed on the files before they are processed by the tool.
Audit Metadata