Skills
skills/nvidia/nemoclaw/security-code-review/Gen Agent Trust Hub

security-code-review

Pass

Audited by Gen Agent Trust Hub on Apr 7, 2026

Risk Level: SAFEPROMPT_INJECTIONCOMMAND_EXECUTIONEXTERNAL_DOWNLOADS
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The skill uses the GitHub CLI to clone repositories from GitHub for security analysis. This interaction with a well-known service is consistent with the skill's primary purpose.
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection (Category 8) as it reads and analyzes untrusted content (code files and diffs) from external GitHub repositories. A PR author could embed instructions within these files to manipulate the agent's security report.
  • Ingestion points: File contents and diffs retrieved during Step 4.
  • Boundary markers: Absent; no specific delimiters or instructions to treat external content as untrusted data are included.
  • Capability inventory: Shell access for gh and git commands, and file system operations via mktemp and cd.
  • Sanitization: No sanitization or filtering of the retrieved code is performed prior to analysis.
  • [COMMAND_EXECUTION]: The skill provides bash command templates in Step 2 (gh repo clone OWNER/REPO "$TMPDIR") that interpolate variables directly into the shell. This could potentially allow for command injection if an agent extracts a repository identifier containing shell metacharacters from a provided URL.
Audit Metadata
Risk Level
SAFE
Analyzed
Apr 7, 2026, 04:31 AM