code-review-graph
Warn
Audited by Gen Agent Trust Hub on May 16, 2026
Risk Level: MEDIUM (PROMPT_INJECTION, COMMAND_EXECUTION, EXTERNAL_DOWNLOADS)
Full Analysis
- [PROMPT_INJECTION]: The 'Auto-Bootstrap Protocol' uses directive language ('MANDATORY TOOL USE', 'You MUST explicitly use', 'you MUST use your terminal tool') to override the agent's standard decision-making process and force the execution of setup tasks.
- [COMMAND_EXECUTION]: The skill instructs the agent to automatically execute terminal commands such as `code-review-graph build` and environment checks (`which`, `Get-Command`) if certain conditions are met, which grants the agent autonomy to run shell commands without per-action user consent.
- [EXTERNAL_DOWNLOADS]: The instructions prompt the agent to suggest and facilitate the installation of the `code-review-graph` Python package from public registries. This package and its author are not recognized as established trusted entities, introducing a risk from unverified third-party code.
Audit Metadata