dialectic-partner

Pass

Audited by Gen Agent Trust Hub on Apr 7, 2026

Risk Level: SAFE
Full Analysis
  • [SAFE]: No malicious patterns or security vulnerabilities were identified in the skill's logic or implementation steps.
  • [COMMAND_EXECUTION]: The skill utilizes standard development commands such as "git diff" to provide necessary context for debates, which is consistent with its intended use for design and code evaluation.
  • [DATA_EXFILTRATION]: The skill accesses local files and git metadata to inform the debate process but does not include any mechanisms for network communication or unauthorized data transfer.
  • [PROMPT_INJECTION]: The skill presents a surface for indirect prompt injection: untrusted file content is processed by subagents (the ingestion points). It employs markdown separators and designated task headers as boundary markers. Available capabilities include subagent invocation, file system access for logging, and command execution via subagents. Although explicit input sanitization is absent, the mandatory "Main Agent Isolation Principle" serves as a critical security control by requiring human-in-the-loop approval for all modifications, effectively mitigating the risk of adversarial instructions.
Audit Metadata
Risk Level: SAFE
Analyzed: Apr 7, 2026, 04:35 PM
Security Audit — agent-trust-hub — dialectic-partner