request-review
Warn
Audited by Gen Agent Trust Hub on Jun 24, 2026
Risk Level: MEDIUM
Findings: COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill directs the agent to execute CLI commands for external tools like Claude Code and Cursor using flags specifically designed to bypass human verification and safety permissions (e.g., `--dangerously-skip-permissions` and `--yolo`). This allows the agent to modify the file system and execute system actions without user approval, significantly increasing the risk of autonomous destructive behavior.
- [PROMPT_INJECTION]: The skill exhibits an indirect prompt injection surface (Category 8) because it ingests and acts upon content generated by external tools and the source code under review.
  - Ingestion points: Phases 1 and 2 involve reading the output from CLI tools (`kimi`, `agent`, `claude`) which are processing potentially attacker-controlled source code.
  - Boundary markers: Absent. The instructions do not define clear delimiters or provide warnings to the agent to ignore instructions embedded within the review results.
  - Capability inventory: Phase 3 grants the agent the capability to perform file writes and code modifications based on the ingested data.
  - Sanitization: Absent. There is no evidence of validation or sanitization of the review findings before they are used to guide code repairs.
Audit Metadata