code-review
Pass
Audited by Gen Agent Trust Hub on May 13, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill processes untrusted external data which presents an indirect prompt injection surface.
- Ingestion points: The skill reads source code files, architecture decision records (ADRs), and story files (including QA test cases) from the local filesystem (SKILL.md).
- Boundary markers: No explicit delimiters or system instructions are used to separate user data from instructions or to warn the agent to ignore embedded commands within the analyzed files.
- Capability inventory: The agent has access to powerful tools including Bash and Task (for spawning sub-agents), which increases the potential impact if an injection occurs.
- Sanitization: The skill does not perform sanitization, validation, or escaping of the content ingested from the project files before processing it.
Audit Metadata