cy-fix-reviews
Pass
Audited by Gen Agent Trust Hub on May 11, 2026
Risk Level: SAFE (PROMPT_INJECTION, COMMAND_EXECUTION)
Full Analysis
- [PROMPT_INJECTION]: The skill presents an attack surface for indirect prompt injection due to its reliance on external data files.
  - Ingestion points: Reads issue files located in .compozy/tasks/<name>/reviews-NNN/.
  - Capability inventory: The agent is authorized to modify source code and execute verification commands (e.g., cy-final-verify).
  - Boundary markers: No delimiters or instructions are provided to distinguish system instructions from the untrusted content in the review files.
  - Sanitization: There is no process for validating or escaping the content of the issue files before ingestion.
- [COMMAND_EXECUTION]: The skill workflow requires the execution of arbitrary commands defined within the local repository.
  - Evidence: Step 5 of the workflow instructs the agent to "Run the repository’s real verification commands" and utilize cy-final-verify, which executes shell commands based on the project's configuration.