system-review

Pass

Audited by Gen Agent Trust Hub on Mar 29, 2026

Risk Level: SAFE (findings: PROMPT_INJECTION, COMMAND_EXECUTION)

Full Analysis
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection. It analyzes untrusted content from 'PROGRESS.md', execution reports, and code reviews to generate updates for other agent skills. Maliciously crafted data in these source files could influence the agent to inject harmful instructions into the broader skill library.
      • Ingestion points: 'PROGRESS.md', and Markdown files located in '.agents/execution-reports/' and '.agents/code-reviews/'.
      • Capability inventory: The skill can execute shell commands ('git', 'gh'), create files ('Write' tool), and modify files ('Edit' tool).
      • Boundary markers: Although the skill uses structured sections for its analysis, it has no explicit instructions to identify or disregard adversarial instructions embedded in the implementation reports it processes.
      • Sanitization: The ingested content is neither sanitized nor validated before it is interpolated into suggested skill updates.
  • [COMMAND_EXECUTION]: The skill uses shell commands for repository management and automation, including interacting with a Git repository and the GitHub CLI.
      • Evidence: The skill instructs the agent to use commands such as 'git remote -v', 'git push', and 'gh pr create' to commit and share skill improvements.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: Mar 29, 2026, 02:17 AM

Security Audit — agent-trust-hub — system-review