code-review
Warn
Audited by Gen Agent Trust Hub on Mar 1, 2026
Risk Level: MEDIUM
Findings: EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, REMOTE_CODE_EXECUTION, PROMPT_INJECTION, CREDENTIALS_UNSAFE
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill suggests cloning a repository from an unverified GitHub user ('truffi/shellcheck') for use as a security scanner, which poses a risk of executing untrusted code.
- [COMMAND_EXECUTION]: Provides instructions to run local tools and scripts such as 'npm test', 'npm run lint', and 'sonar-scanner'. These commands execute logic defined in the project's 'package.json' or local configuration, which can be exploited to run arbitrary code if the repository being reviewed is malicious.
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection (Category 8) because it ingests untrusted data from 'git diff' and file contents. Ingestion points: Git diff outputs and file search results. Boundary markers: None present. Capability inventory: Shell command execution (npm/git) and GitHub API access. Sanitization: No escaping or validation of external content is specified.
- [CREDENTIALS_UNSAFE]: Includes commands to search for and expose hardcoded secrets, passwords, and API keys ('grep -rE "password|secret|api[_-]?key"'). While intended for auditing, this behavior extracts sensitive information into the agent's active context.
- [REMOTE_CODE_EXECUTION]: The combination of cloning an unverified repository and the potential to execute its contents constitutes a remote code execution risk.