skills/ascend-ai-coding/awesome-ascend-skills/external-gitcode-ascend-ascendc-operator-code-review/Gen Agent Trust Hub
external-gitcode-ascend-ascendc-operator-code-review
Pass
Audited by Gen Agent Trust Hub on Apr 18, 2026
Risk Level: SAFE
PROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection because it ingests untrusted data into its reasoning process without isolation.
- Ingestion points: The skill accepts untrusted content through 'Parameter 1: Code Snippet', 'Parameter 2: Review Rule Description', and an optional 'Parameter 3: Specification File Path' in SKILL.md.
- Boundary markers: The instructions define no delimiters around the supplied content and give no specific warning to ignore instructions embedded within the provided code snippets or descriptions.
- Capability inventory: The skill is granted significant capabilities, including reading local files and using LSP/Grep tools to analyze code logic and dependencies.
- Sanitization: No sanitization or validation is performed on the input parameters before they are used to drive the agent's analysis or file access operations.