commit-review
Fail
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: HIGH
Findings: COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION] (HIGH): The skill is vulnerable to indirect prompt injection because it ingests untrusted code data to perform its primary function.
  - Ingestion points: The skill instructs the agent to read external code changes using git diff (found in the '评审流程' ("Review Process") section of SKILL.md).
  - Boundary markers: Absent. No instructions or delimiters are defined to separate the skill's own instructions from the content of the code being reviewed.
  - Capability inventory: The agent executes shell commands (git) and makes critical security/quality decisions that influence the development pipeline.
  - Sanitization: Absent. The skill has no mechanism to sanitize or escape the content of the code diffs before processing them.
- [COMMAND_EXECUTION] (MEDIUM): The skill requires the execution of system commands (git diff, git diff --cached) to operate. If the agent is directed to a malicious repository, these commands or the subsequent processing of their output could be exploited to compromise the agent's logic.
Recommendations
- AI detected serious security threats
Audit Metadata