receiving-code-review
Fail
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: HIGHPROMPT_INJECTIONCOMMAND_EXECUTION
Full Analysis
- PROMPT_INJECTION (HIGH): The skill is vulnerable to Indirect Prompt Injection because it instructs the agent to process and implement feedback from potentially untrusted 'External Reviewers'. 1. Ingestion points: Feedback strings received from external sources. 2. Boundary markers: Absent; feedback is not delimited or identified as untrusted. 3. Capability inventory: File implementation (write) and 'grep' command execution. 4. Sanitization: No validation or filtering is applied to the feedback content before it influences code changes.
- PROMPT_INJECTION (MEDIUM): The instructions mandate a specific persona that explicitly overrides standard AI communicative guidelines (e.g., prohibiting gratitude) and references violations of internal 'CLAUDE.md' rules, which could be used to bypass safety filters or behavioral constraints.
- COMMAND_EXECUTION (LOW): The skill utilizes 'grep' to search the codebase based on external suggestions, which constitutes a subprocess execution capability triggered by untrusted input.
Recommendations
- AI detected serious security threats
Audit Metadata