adversarial-review
Pass
Audited by Gen Agent Trust Hub on Apr 19, 2026
Risk Level: SAFE
Full Analysis
- [COMMAND_EXECUTION]: The skill invokes external command-line tools (claude, codex, and gemini) through shell scripts to perform code analysis. These tools are configured with security-focused flags such as '--sandbox', '--permission-mode dontAsk', and '--approval-mode plan' to ensure they operate in a read-only capacity.
- [COMMAND_EXECUTION]: The harness scripts use Python subprocesses to parse JSON responses from the reviewer tools, following standard automation patterns for structured data validation.
- [PROMPT_INJECTION]: The skill processes untrusted repository data (diffs and source code), which constitutes an indirect prompt injection surface. This is mitigated by instructions framing agents as adversarial reviewers and the use of structured prompt boundaries. Ingestion points: Repository principles and review scope processed in SKILL.md. Boundary markers: Structured prompt templates with explicit 'Stay read-only' directives. Capability inventory: Execution of CLI tools and Python parsers. Sanitization: Untrusted inputs are processed as raw text without specialized escaping.
Audit Metadata