eval-integration
Pass
Audited by Gen Agent Trust Hub on Apr 6, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill is entirely instructional, providing a structured workflow for code review and system auditing. It proactively addresses security by instructing the agent to scan for hardcoded secrets and verify the integrity of authentication flows.
- [SAFE]: No instances of prompt injection, obfuscation, or unauthorized command execution were detected. The skill's operations are confined to analyzing provided project data.
- [SAFE]: Indirect Prompt Injection Risk: The skill processes untrusted data including specifications, plans, and source code. However, this is inherent to its primary purpose as an evaluator. The instructions are focused on analysis rather than execution of instructions found within the data.
- Ingestion points: Reads
spec.md,plan.md,.env.example, source code insrc/lib/, database schemas, and webhook handlers. - Boundary markers: The instructions do not define specific delimiters or "ignore" directives for the data being evaluated.
- Capability inventory: The evaluation process implies the use of file-reading tools to access the required inputs.
- Sanitization: There are no explicit instructions for sanitizing or escaping the content of the files being reviewed.
Audit Metadata