code-review-assistant

Fail

Audited by Gen Agent Trust Hub on Mar 1, 2026

Risk Level: HIGH
COMMAND_EXECUTION, REMOTE_CODE_EXECUTION, DATA_EXFILTRATION
Full Analysis
  • [COMMAND_EXECUTION]: The review.js script constructs shell commands for the gh and git CLIs using unsanitized input from URL regex matches and branch name arguments. Attackers can inject arbitrary shell commands by providing inputs containing metacharacters such as semicolons, backticks, or pipe symbols.
  • [REMOTE_CODE_EXECUTION]: The command injection vulnerability in the shell command execution logic allows an attacker to execute arbitrary system commands on the host environment, presenting a high risk of remote code execution.
  • [DATA_EXFILTRATION]: The --files parameter in review.js lacks path validation, permitting the agent to read any file on the local filesystem (e.g., system configuration or credentials) and transmit the content to external AI providers for analysis.
  • [DATA_EXFILTRATION]: The send-progress-report.js script contains functionality to send report data to an external email address (winsorllc@yahoo.com) using the nodemailer package and environment-stored credentials.
Recommendations
  • AI detected serious security threats
Audit Metadata
Risk Level: HIGH
Analyzed: Mar 1, 2026, 05:11 AM