requesting-code-review

Fail

Audited by Gen Agent Trust Hub on Jun 17, 2026

Risk Level: HIGHCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The code reviewer template in code-reviewer.md uses {BASE_SHA} and {HEAD_SHA} placeholders directly within a shell command block (git diff). Since these values are not validated to be hex SHAs, an attacker could provide strings containing shell metacharacters (e.g., ;, &&, or backticks) to execute arbitrary commands on the host system.\n- [PROMPT_INJECTION]: The skill ingests untrusted data through the {PLAN_OR_REQUIREMENTS} and {DESCRIPTION} placeholders in code-reviewer.md. Without clear boundary delimiters or instructions to ignore embedded commands, a malicious requirements file could contain instructions that manipulate the reviewer agent's assessment, potentially causing it to overlook security vulnerabilities or harmful code.
Recommendations
  • AI detected serious security threats
Audit Metadata
Risk Level
HIGH
Analyzed
Jun 17, 2026, 07:10 AM
Security Audit — agent-trust-hub — requesting-code-review