code-quality
Fail
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: HIGH (PROMPT_INJECTION, COMMAND_EXECUTION)
Full Analysis
- [Indirect Prompt Injection] (HIGH): The skill processes untrusted external data (source code) and has 'bash_run' and 'fs_read' capabilities, creating a significant attack surface.
  - Ingestion points: Source code provided by users via keyword triggers or the /review command.
  - Boundary markers: Absent; there are no instructions provided to the agent to treat analyzed code as passive data or to ignore instructions embedded within it.
  - Capability inventory: The 'bash_run' tool permits arbitrary shell command execution, and 'fs_read' permits reading sensitive files.
  - Sanitization: No sanitization, escaping, or schema validation is mentioned for the ingested code blocks, meaning malicious instructions can be interpolated directly into the agent's reasoning process.
Recommendations
- AI detected serious security threats
Audit Metadata