code-review

Pass

Audited by Gen Agent Trust Hub on Mar 31, 2026

Risk Level: SAFE, PROMPT_INJECTION, COMMAND_EXECUTION
Full Analysis
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it processes untrusted data from project files and git diffs using multiple LLM agents.
      • Ingestion points: Project source code, git diff output, and CLAUDE.md files (SKILL.md).
      • Boundary markers: The instructions do not specify any delimiters or safety prompts to prevent the agent from following instructions embedded in the code being reviewed.
      • Capability inventory: The skill can execute shell commands for building/linting, modify files (applying fixes and TODOs), and interact with external services via MCP tools.
      • Sanitization: There is no evidence that the ingested code content is sanitized or filtered before the LLM processes it.
  • [COMMAND_EXECUTION]: The skill automatically detects and executes build and lint commands found within the project's environment to verify fixes. This creates a vector for arbitrary command execution if the project's configuration files (e.g., Makefile, package.json) are modified by an attacker.
Audit Metadata
Risk Level: SAFE
Analyzed: Mar 31, 2026, 10:22 AM