review-chamber
Pass
Audited by Gen Agent Trust Hub on Apr 13, 2026
Risk Level: SAFE
Findings: COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill makes several references to executing a local Python script, `scripts/palace_manager.py`, to search, list, and export knowledge captured in the project memory palace.
- [PROMPT_INJECTION]: The skill is subject to indirect prompt injection risks because it ingests and processes untrusted data from pull request titles, descriptions, and comments.
  - Ingestion points: Data from `finding.content`, `pr_info.title`, and `pr_info.participants` is retrieved and evaluated in `modules/capture-workflow.md` and `SKILL.md`.
  - Boundary markers: While the skill uses Markdown and YAML delimiters for structured storage, it lacks explicit instructions for the agent to disregard instructions or overrides that might be embedded within the PR content being processed.
  - Capability inventory: The skill has the capability to execute shell commands (via `scripts/palace_manager.py`) and to perform data integration tasks across multiple palace rooms.
  - Sanitization: The analysis did not find any specific sanitization or validation routines for data extracted from PRs before it is scored or persisted.
Audit Metadata