Skills
skills/yigitkonur/skills-by-yigitkonur/init-devin-review/Gen Agent Trust Hub

init-devin-review

Pass

Audited by Gen Agent Trust Hub on Mar 29, 2026

Risk Level: SAFECOMMAND_EXECUTIONDATA_EXFILTRATIONREMOTE_CODE_EXECUTIONPROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill uses local shell commands such as find, ls, and grep to analyze the repository structure and identify relevant configuration files and manifest data.
  • [DATA_EXFILTRATION]: To identify security risk areas for the generated review rules, the skill is instructed to search for sensitive strings like passwords and tokens within .env files. While this helps in drafting accurate security guidelines, it brings potentially sensitive data into the agent's context.
  • [REMOTE_CODE_EXECUTION]: The setup instructions suggest running npx devin-review as a verification step. This command downloads and executes code from the npm registry, which is an external source, although it is a recognized vendor-provided tool.
  • [PROMPT_INJECTION]: The skill possesses an indirect prompt injection surface because it processes untrusted local data (such as README.md and repository manifests) to generate its output. Maliciously crafted content within these repository files could influence the generated security rules.
Audit Metadata
Risk Level
SAFE
Analyzed
Mar 29, 2026, 05:56 AM
Security Audit — agent-trust-hub — init-devin-review