review-prompt

Pass

Audited by Gen Agent Trust Hub on Apr 26, 2026

Risk Level: SAFEPROMPT_INJECTION
Full Analysis
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection as it passes raw user input from the $ARGUMENTS variable directly to the prompt-reviewer agent.\n
  • Ingestion points: The $ARGUMENTS placeholder in SKILL.md serves as the entry point for untrusted data into the agent context.\n
  • Boundary markers: Absent. The skill does not use any delimiters (such as triple quotes or XML tags) or specific instructions to isolate the user input from the agent's core task instructions.\n
  • Capability inventory: The skill has the capability to transfer context and execution flow to another specialized agent (prompt-reviewer).\n
  • Sanitization: Absent. There is no evidence of input validation, escaping, or filtering before the data is interpolated into the final prompt.
Audit Metadata
Risk Level
SAFE
Analyzed
Apr 26, 2026, 09:24 AM
Security Audit — agent-trust-hub — review-prompt