review-codebase

Warn

Audited by Gen Agent Trust Hub on Mar 18, 2026

Risk Level: MEDIUM
COMMAND_EXECUTION, DATA_EXFILTRATION, PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill requires the Bash tool for inventorying files. A shell environment enables the execution of arbitrary commands on the host system beyond the intended scope.
  • [DATA_EXFILTRATION]: The skill is instructed to audit for hardcoded secrets, API keys, and credentials. When combined with the WebFetch tool, this creates a significant exfiltration surface for sensitive data found during the review.
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection through the analysis of untrusted files in the target_path.
      1. Ingestion points: Files read using Read, Grep, and Glob within the user-specified directory.
      2. Boundary markers: None; the skill lacks instructions to distinguish between the agent's core logic and instructions potentially embedded in the audited code.
      3. Capability inventory: Read, Grep, Glob, Bash, and WebFetch.
      4. Sanitization: None; data ingested from the codebase is not validated or sanitized before being processed by the agent.
Audit Metadata
Risk Level: MEDIUM
Analyzed: Mar 18, 2026, 07:14 AM