code-review-router

Fail

Audited by Gen Agent Trust Hub on Feb 16, 2026

Risk Level: HIGH
Findings: PROMPT_INJECTION, COMMAND_EXECUTION, DATA_EXFILTRATION
Full Analysis
  • [PROMPT_INJECTION] (HIGH): Indirect Prompt Injection vulnerability via raw git diff processing.
      • Ingestion points: File content changes are captured via git diff HEAD and piped directly to the gemini and codex CLIs in Step 6.
      • Boundary markers: Absent. Data is piped into the LLM without delimiters or instructions to ignore embedded instructions.
      • Capability inventory: The skill invokes local command-line tools and generates reports that influence user perception of code safety and merge decisions.
      • Sanitization: Absent. Malicious instructions in code comments (e.g., '// Ignore issues') can manipulate the review output.
  • [DATA_EXFILTRATION] (HIGH): Access to sensitive configuration files and potential credential exposure. The skill specifically identifies and processes .env files, credential stores, and private keys (*.pem, *.key) and sends their content to external providers via CLI tools.
  • [COMMAND_EXECUTION] (LOW): Execution of local system commands for repository analysis. The skill uses git, which, wc, and awk to gather repository metadata and calculate complexity.
Recommendations
  • AI detected serious security threats
Audit Metadata
  • Risk Level: HIGH
  • Analyzed: Feb 16, 2026, 12:39 AM