vs-roast-my-code

Warn

Audited by Gen Agent Trust Hub on Apr 1, 2026

Risk Level: MEDIUM
Findings: COMMAND_EXECUTION, REMOTE_CODE_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill executes shell commands to perform code reviews, specifically node "${CLAUDE_PLUGIN_ROOT}/scripts/codex-companion.mjs" review --wait and codex review. Because the path of the executed script is built from the ${CLAUDE_PLUGIN_ROOT} environment variable, anyone able to alter that variable could redirect execution to a different script.
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection. It ingests untrusted data (source code via git diff) and is instructed to "auto-apply fixes, no user interaction" during Pass 1. Malicious instructions embedded in the code being reviewed (e.g., in comments or string literals) could influence the agent's "auto-fix" behavior to perform unauthorized file modifications.
  • Ingestion points: Reads code changes via git diff (SKILL.md).
  • Boundary markers: None provided to separate code content from instructions.
  • Capability inventory: File modification ("auto-apply fixes") and command execution (Pass 2).
  • Sanitization: No validation or sanitization of the reviewed code content is performed before processing.
  • [REMOTE_CODE_EXECUTION]: The skill relies on dynamic execution, running a JavaScript file (codex-companion.mjs) from a path determined at runtime. As a result, the skill's security depends on the integrity of the environment and of that external file.
Audit Metadata
  • Risk Level: MEDIUM
  • Analyzed: Apr 1, 2026, 03:12 PM
Security Audit — agent-trust-hub — vs-roast-my-code