review-security

Warn

Audited by Gen Agent Trust Hub on Mar 26, 2026

Risk Level: MEDIUM

Risk Categories: DATA_EXFILTRATION, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [DATA_EXFILTRATION]: The skill is designed to access high-sensitivity files such as .env and to search for hardcoded credentials (API keys, private keys, and secrets) as a core part of its security auditing functionality.
  • [COMMAND_EXECUTION]: The skill uses shell commands through git and gh to determine the scan scope and to retrieve file contents from pull requests and commits.
  • [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection because it ingests and analyzes untrusted source code and pull request data. Malicious code could contain instructions designed to manipulate the automated analysis and report generation.
  • Ingestion points: Codebase file contents read via the Read tool and pull request metadata retrieved via the gh CLI.
  • Boundary markers: The skill provides high-level guidelines for the agent but lacks technical delimiters or explicit instructions to ignore embedded commands within the analyzed code snippets.
  • Capability inventory: The skill has access to tools including Bash (git/gh), Read, Grep, Glob, Task, and TodoWrite.
  • Sanitization: No sanitization or validation of the ingested code content is performed before it is passed to the AI sub-agents for review.
Audit Metadata
Risk Level: MEDIUM
Analyzed: Mar 26, 2026, 08:42 PM