duck-critic
Pass
Audited by Gen Agent Trust Hub on Jun 24, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill provides a structured framework for cross-model verification and does not contain any malicious instructions or unauthorized system access patterns.
- [INDIRECT_PROMPT_INJECTION]: The skill processes user-generated or agent-generated artifacts which are then passed to external models for review, creating a potential injection surface. However, the skill implements the following security controls:
- Ingestion points: Untrusted artifacts (code, plans, tests) are collected and formatted in SKILL.md and references/critic-packets.md.
- Boundary markers: Review packets use structured headers (e.g., 'Goal:', 'Constraints:', 'Evidence:') to clearly delimit data segments from instructions, as defined in references/critic-packets.md.
- Capability inventory: The skill explicitly restricts critics to a read-only state across all platforms (VS Code, Copilot CLI, Claude Code), forbidding file edits, package installations, or mutating commands (SKILL.md and references/harness-adapters.md).
- Sanitization: Detailed instructions in references/critic-packets.md mandate the exclusion of secrets, private tokens, and credentials from all data transmitted to the critic models.
Audit Metadata