review-work
Pass
Audited by Gen Agent Trust Hub on Jun 27, 2026
Risk Level: SAFE
COMMAND_EXECUTION, EXTERNAL_DOWNLOADS
Full Analysis
- [COMMAND_EXECUTION]: The skill automates the identification and execution of application-specific commands (such as those found in package.json, Makefile, or docker-compose.yml) specifically for the purpose of hands-on QA verification by a sub-agent.
- [EXTERNAL_DOWNLOADS]: The Context Mining agent is instructed to access external data sources including GitHub (issues and pull requests), Slack messages, and Notion documents to gather background information relevant to the code changes.
- [PROMPT_INJECTION]: The skill uses variables like FILE_CONTENTS, DIFF, and GOAL to interpolate potentially untrusted project data into sub-agent prompts, creating a surface for indirect prompt injection.
- Ingestion points: Project source code and git diffs are inserted into the prompts for the Oracle and QA agents.
- Boundary markers: The skill uses XML-style tags like <file_contents> and <diff> to wrap the data, which helps the model distinguish data from instructions but does not eliminate injection risks.
- Capability inventory: Sub-agents have the capability to execute shell commands and perform network requests.
- Sanitization: There is no evidence of automated sanitization or filtering of the project data before it is included in sub-agent prompts.
Audit Metadata