requesting-code-review
Fail
Audited by Gen Agent Trust Hub on Jun 17, 2026
Risk Level: HIGHCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The code reviewer template in
code-reviewer.mduses{BASE_SHA}and{HEAD_SHA}placeholders directly within a shell command block (git diff). Since these values are not validated to be hex SHAs, an attacker could provide strings containing shell metacharacters (e.g.,;,&&, or backticks) to execute arbitrary commands on the host system.\n- [PROMPT_INJECTION]: The skill ingests untrusted data through the{PLAN_OR_REQUIREMENTS}and{DESCRIPTION}placeholders incode-reviewer.md. Without clear boundary delimiters or instructions to ignore embedded commands, a malicious requirements file could contain instructions that manipulate the reviewer agent's assessment, potentially causing it to overlook security vulnerabilities or harmful code.
Recommendations
- AI detected serious security threats
Audit Metadata