review-remediator
Pass
Audited by Gen Agent Trust Hub on May 17, 2026
Risk Level: SAFE
Full Analysis
- [PROMPT_INJECTION]: The skill processes untrusted user-provided review text as its primary input (Ingestion point). While it lacks explicit boundary markers to isolate this text, it implements a mandatory verification stage where findings must be cross-referenced with actual source files. The skill has capabilities to read and write files (Capability inventory), but strictly requires user confirmation for sensitive changes (auth, crypto, payments) or large modifications, serving as an effective defense (Sanitization) against indirect prompt injection.
- [COMMAND_EXECUTION]: The skill instructions proactively direct the agent to avoid attempting to gain elevated permissions, specifically mentioning that commands like `sudo` or `chmod` should not be used. It focuses on safe file modifications with a human-in-the-loop requirement for risky actions.
- [DATA_EXFILTRATION]: The skill's operations are restricted to local file reading for verification and writing to a local audit log (`.agents/skills/review-remediator/log.jsonl`). No network-based exfiltration paths or access to sensitive credential stores were detected.
Audit Metadata