security-review
Pass
Audited by Gen Agent Trust Hub on Feb 23, 2026
Risk Level: SAFEPROMPT_INJECTIONCOMMAND_EXECUTION
Full Analysis
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it processes untrusted source code as its primary function.
- Ingestion points: The agent is instructed to read "specific files or the entire codebase" as defined in the 'Agent Delegation' section of SKILL.md.
- Boundary markers: The prompt provided to the subagent does not include specific delimiters or instructions to ignore embedded commands within the code being reviewed.
- Capability inventory: The skill delegates tasks to a specialized subagent ('oh-my-claudecode:security-reviewer') and utilizes MCP tools such as 'mcp__x__ask_codex'.
- Sanitization: There is no evidence of sanitization or filtering of the code content before it is passed to the language model for analysis.
- [COMMAND_EXECUTION]: The skill instructions mention running 'npm audit' to identify vulnerabilities in project dependencies. This is a standard security practice using a well-known service.
Audit Metadata