perses-code-review

Pass

Audited by Gen Agent Trust Hub on Mar 29, 2026

Risk Level: SAFE | PROMPT_INJECTION | COMMAND_EXECUTION
Full Analysis
  • [PROMPT_INJECTION]: The skill is susceptible to Indirect Prompt Injection. It is designed to ingest and analyze untrusted content (code files, pull request diffs, and configuration schemas) from external sources.
      • Ingestion points: Reads .go, .tsx, .cue, and .json/.yaml files from project repositories during the Phase 1: CLASSIFY and Phase 2: REVIEW steps.
      • Boundary markers: The instructions lack explicit boundary markers or directives to the agent to ignore instructions embedded within the code being reviewed.
      • Capability inventory: The skill is authorized to use Bash, Write, Edit, and Agent tools across all scripts. This combination of reading untrusted data and having high-privilege tool access creates an exploitable surface.
      • Sanitization: There is no mention of sanitizing, escaping, or validating the external content before it is processed by the agent or passed to tools.
  • [COMMAND_EXECUTION]: The skill instructs the agent to execute shell commands via the Bash tool.
      • Evidence: The instructions explicitly require running percli lint on dashboard definitions and using Grep/Glob to scan the filesystem. Executing commands on files provided by external contributors carries an inherent risk of command injection if the input is not strictly validated by the underlying CLI tool.
Audit Metadata
Risk Level: SAFE
Analyzed: Mar 29, 2026, 05:27 PM