code-review-pro

Fail

Audited by Gen Agent Trust Hub on Feb 16, 2026

Risk Level: HIGH | PROMPT_INJECTION | COMMAND_EXECUTION | EXTERNAL_DOWNLOADS
Full Analysis
  • [PROMPT_INJECTION] (HIGH): High risk of Indirect Prompt Injection due to the combination of untrusted data ingestion and significant side-effect capabilities.
      1. Ingestion points: Identified in SKILL.md as Pull Request content, Git history, and Jira/GitHub Issues.
      2. Boundary markers: No evidence of delimiters or ignore instructions provided to the agent for this data.
      3. Capability inventory: Includes execution of scripts (scripts/pr-audit.ts), build tools (bun run build), and dynamic skill activation (activate_skill).
      4. Sanitization: No sanitization or filtering of external input is specified.
  • [COMMAND_EXECUTION] (MEDIUM): The skill is configured to run build commands and local scripts. Evidence: performance-audit.md instructs the agent to run 'bun run build --profile', and SKILL.md references 'scripts/pr-audit.ts'. These could be manipulated if an attacker can influence the environment via a Pull Request.
  • [EXTERNAL_DOWNLOADS] (MEDIUM): The skill relies on unverified external dependencies. Evidence: SKILL.md protocols mandate the activation of 'auditor-pro' and 'strict-auditor' skills, which are external to the package and come from unverified sources.
Recommendations
  • AI detected serious security threats
Audit Metadata
Risk Level: HIGH
Analyzed: Feb 16, 2026, 04:34 AM