thermos
Pass
Audited by Gen Agent Trust Hub on Jun 13, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill defines a workflow that ingests untrusted data from external sources, creating a surface for indirect prompt injection.\n
- Ingestion points: Pull request diffs, branch content, and user requests (SKILL.md).\n
- Boundary markers: None identified; the instructions do not specify the use of delimiters to isolate untrusted code from subagent instructions.\n
- Capability inventory: No direct subprocess execution, file writes, or network operations are defined in this skill; it relies on launching subagents for analysis.\n
- Sanitization: None identified; untrusted data is passed to subagents without explicit filtering or escaping.
Audit Metadata