review-assumptions
Pass
Audited by Gen Agent Trust Hub on May 12, 2026
Risk Level: SAFE
PROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it processes session reports containing external data that could influence the agent's behavior during code modification tasks.
- Ingestion points: Data is ingested through session reports (e.g., codagent:session-report) as described in the 'Extracting findings' section of SKILL.md.
- Boundary markers: The skill uses a subagent to isolate extraction and recommends building a 'finding ledger' to track items, which helps manage context but lacks formal escaping or delimiters for the untrusted data.
- Capability inventory: The skill is authorized to edit files, dispatch subagents for code changes, and perform git commits.
- Sanitization: There is no technical sanitization of the report content. However, the skill provides instructional guardrails such as 'spot-check before classifying' and 'verify first' before making code-based claims.
Audit Metadata