adversarial-review
Pass
Audited by Gen Agent Trust Hub on Apr 15, 2026
Risk Level: SAFE
COMMAND_EXECUTION, REMOTE_CODE_EXECUTION, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill uses shell commands to coordinate reviews between external model CLIs and manage temporary files. Evidence includes usage of mktemp, codex exec, and claude -p in SKILL.md.
- [REMOTE_CODE_EXECUTION]: The skill suggests running tests on code under review via the --profile edit flag in codex exec, which could lead to the execution of malicious code if the input code being reviewed is untrusted.
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection as it interpolates untrusted code diffs into reviewer prompts without adequate boundary protection.
  - Ingestion points: The code or diff to review is inserted into the prompt template in SKILL.md.
  - Boundary markers: Absent; the instructions do not include delimiters or explicit warnings to ignore embedded instructions.
  - Capability inventory: The skill performs shell command execution and file system access as defined in SKILL.md.
  - Sanitization: Absent; the skill does not validate or sanitize input code before processing.
Audit Metadata