code-review
Fail
Audited by Gen Agent Trust Hub on Feb 15, 2026
Risk Level: HIGH
Tags: COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [Indirect Prompt Injection] (HIGH): The skill is designed to process and implement feedback from external reviewers, which constitutes a high-severity attack surface. Malicious feedback could lead to unauthorized code modifications or command execution through the implementation phase. Evidence: External feedback ingestion points in 'references/code-review-reception.md'; implementation and verification capabilities in 'SKILL.md' and 'references/verification-before-completion.md'. No sanitization or boundary markers are defined for this untrusted input.
- [Command Execution] (MEDIUM): The 'Verification Gates' protocol in 'references/verification-before-completion.md' requires the agent to run arbitrary commands (tests, builds) from the local environment. This is a vector for code execution if the workspace contains malicious configuration files or test scripts.
- [Prompt Injection] (LOW): The skill contains instructions that strictly override the agent's default behavior, such as prohibiting polite or 'performative' responses ('No performative agreement') and defining a secret signaling phrase ('Strange things are afoot at the Circle K') for use when the agent is uncomfortable with feedback.
Recommendations
- AI detected serious security threats