proj-review
Pass
Audited by Gen Agent Trust Hub on Apr 1, 2026
Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill executes the 'mvn compile' command to perform initial code validation and dependency checks. This is a standard and expected operation for a Java-based code review utility.
- [PROMPT_INJECTION]: The skill ingests untrusted source code as part of its review process, which introduces a surface for indirect prompt injection. 1. Ingestion points: External source code files reviewed via the agent (referenced in SKILL.md). 2. Boundary markers: None defined to isolate code content from instructions. 3. Capability inventory: The agent has capabilities for file reading, file modification (auto-fix), and shell command execution ('mvn compile'). 4. Sanitization: No input validation or code sanitization is performed prior to analysis.
Audit Metadata