open-code-review
Fail
Audited by Gen Agent Trust Hub on Jul 2, 2026
Risk Level: HIGHREMOTE_CODE_EXECUTIONEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [REMOTE_CODE_EXECUTION]: The installation script (
scripts/install.sh) executes a remote shell script using thesh -c "$(curl ...)"pattern. The source is the official repository of a well-known technology provider. - [EXTERNAL_DOWNLOADS]: The skill downloads the
ocrCLI and its installer from thealibaba/open-code-reviewGitHub repository. It also supports installation via the global NPM registry. - [COMMAND_EXECUTION]: The
scripts/install.shscript utilizessudoto install the binary to/usr/local/binwhen direct write access is unavailable. Thescripts/run-review.shandscripts/run-scan.shscripts wrap the execution of theocrbinary, passing user-supplied arguments to the tool. - [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection as it processes untrusted data (git diffs and whole code files) and passes them to an LLM via the
ocrCLI. - Ingestion points: Untrusted source code files and Git diffs are read by the
run-review.shandrun-scan.shscripts and passed to the review CLI. - Boundary markers: Not explicitly defined in the wrapper scripts.
- Capability inventory: The skill is authorized to use
Bash,Read,Write, andEdittools, allowing it to modify code based on the tool's findings. - Sanitization: None; the skill relies on the external CLI's internal handling and the agent's interpretation of its output.
Recommendations
- HIGH: Downloads and executes remote code from: https://raw.githubusercontent.com/${REPO}/main/install.sh - DO NOT USE without thorough review
Audit Metadata