workflow-review-changes
Pass
Audited by Gen Agent Trust Hub on May 1, 2026
Risk Level: SAFE | PROMPT_INJECTION | COMMAND_EXECUTION
Full Analysis
- [PROMPT_INJECTION]: The skill exposes an indirect prompt injection attack surface through its processing of repository data.
  - Ingestion points: The sub-agent re-review protocol (defined in SKILL.md) ingests untrusted data from the repository via `git diff`.
  - Boundary markers: The sub-agent prompt uses Markdown headers (`## Task`, `## Review Scope`) to structure the request, but does not explicitly instruct the sub-agent to ignore instructions that might be embedded within the code diff itself.
  - Capability inventory: The workflow can write files to the local filesystem (`plans/reports/`) and trigger other operational skills such as `/cook` (implementation) and `/plan` (strategy consolidation).
  - Sanitization: There is no evidence of sanitization or filtering of the content retrieved from the `git diff` command before it is passed into the sub-agent's context.
- [COMMAND_EXECUTION]: The skill's instructions and sub-agent templates explicitly command the execution of shell-based utilities.
  - Evidence: The re-review sub-agent is instructed to execute `git diff` and `grep` to perform its analysis of the codebase.
Audit Metadata