code-review

Warn

Audited by Gen Agent Trust Hub on Apr 7, 2026

Risk Level: MEDIUM (CREDENTIALS_UNSAFE, PROMPT_INJECTION, COMMAND_EXECUTION)
Full Analysis
  • [CREDENTIALS_UNSAFE]: The skill's workflow explicitly targets and reads sensitive file paths, including auth/ directories, authentication middleware, and files with .pem or .key extensions. These files are processed via git diff or git show and their contents are passed to sub-agents, exposing potentially sensitive credentials or secrets.
  • [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection because it ingests untrusted data from git repositories (commit messages and diffs) and interpolates it into sub-agent prompts.
    - Ingestion points: Data enters the context from git diff output, git log commit messages, and repository file contents.
    - Boundary markers: The skill uses Markdown headers (e.g., ## Diff) to separate data, but lacks robust delimiters or instructions to ignore embedded commands within the ingested content.
    - Capability inventory: The skill uses Bash for git operations and the Task tool to trigger autonomous sub-agents (code-reviewer and architect-reviewer).
    - Sanitization: No sanitization, escaping, or filtering of the content of git diffs or commit messages is performed before that content is passed to other agents.
  • [COMMAND_EXECUTION]: The skill relies on executing Bash commands to interact with the git filesystem. While restricted to a set of read-only git subcommands, this capability is used to extract the untrusted data that powers the workflow.
Audit Metadata
Risk Level
MEDIUM
Analyzed
Apr 7, 2026, 09:22 AM
Security Audit — agent-trust-hub — code-review