duck-critic

Pass

Audited by Gen Agent Trust Hub on Jun 24, 2026

Risk Level: SAFE
Full Analysis
  • [SAFE]: The skill provides a structured framework for cross-model verification and does not contain any malicious instructions or unauthorized system access patterns.
  • [INDIRECT_PROMPT_INJECTION]: The skill processes user-generated or agent-generated artifacts which are then passed to external models for review, creating a potential injection surface. However, the skill implements the following security controls:
  • Ingestion points: Untrusted artifacts (code, plans, tests) are collected and formatted in SKILL.md and references/critic-packets.md.
  • Boundary markers: Review packets use structured headers (e.g., 'Goal:', 'Constraints:', 'Evidence:') to clearly delimit data segments from instructions, as defined in references/critic-packets.md.
  • Capability inventory: The skill explicitly restricts critics to a read-only state across all platforms (VS Code, Copilot CLI, Claude Code), forbidding file edits, package installations, or mutating commands (SKILL.md and references/harness-adapters.md).
  • Sanitization: Detailed instructions in references/critic-packets.md mandate the exclusion of secrets, private tokens, and credentials from all data transmitted to the critic models.
Audit Metadata
Risk Level
SAFE
Analyzed
Jun 24, 2026, 07:34 AM
Security Audit — agent-trust-hub — duck-critic