feedback

Pass

Audited by Gen Agent Trust Hub on May 11, 2026

Risk Level: SAFE
PROMPT_INJECTION
Full Analysis
  • [PROMPT_INJECTION]: The skill exhibits an attack surface for indirect prompt injection due to the way it handles external data.
    • Ingestion points: The skill specifically triggers on and processes user-provided artifacts such as 'plan, idea, code, writing, design, or decision' (documented in SKILL.md).
    • Boundary markers: There are no instructions or structural delimiters defined to separate user data from the agent's internal logic, nor are there warnings to ignore instructions embedded within that data.
    • Capability inventory: Although the skill itself contains no code, it is intended for use in development environments where the agent typically has access to file system operations and subprocess execution to review code and PRs.
    • Sanitization: The skill lacks any mechanism to sanitize, escape, or validate the content of the artifacts it reviews, allowing potentially malicious instructions embedded in those artifacts to influence agent behavior.
Audit Metadata
Risk Level: SAFE
Analyzed: May 11, 2026, 09:43 PM