large-feature
Pass
Audited by Gen Agent Trust Hub on Jun 13, 2026
Risk Level: SAFE
Findings: PROMPT_INJECTION, COMMAND_EXECUTION, EXTERNAL_DOWNLOADS
Full Analysis
- [PROMPT_INJECTION]: The skill exhibits an indirect prompt injection surface, as it ingests and processes external task descriptions ($ARGUMENTS) and codebase content while retaining high-privilege capabilities.
  - Ingestion points: User-provided task arguments and external source code files (SKILL.md).
  - Boundary markers: No specific delimiters or "ignore instructions" warnings are used when interpolating task arguments or explored code into subagent prompts.
  - Capability inventory: File system access, git repository management (checkout, commit, push), PR creation, and the ability to launch further subagents.
  - Sanitization: Input from the codebase and user arguments is processed without explicit sanitization or structural validation.
- [COMMAND_EXECUTION]: The workflow orchestrates numerous shell commands, including branch creation, commits, pushes, and the execution of external review tools (e.g., opencode, codex-rescue). These operations are standard for development agents and consistent with the skill's stated purpose.
- [EXTERNAL_DOWNLOADS]: The documentation references an optional external review tool hosted on the author's public GitHub repository (github.com/arsenyinfo/nitpicker). This is a vendor-owned resource provided for code analysis purposes.
Audit Metadata