skills/inkeep/team-skills/vp-review/Gen Agent Trust Hub

vp-review

Pass

Audited by Gen Agent Trust Hub on Apr 3, 2026

Risk Level: SAFE
PROMPT_INJECTION
Full Analysis
  • [INDIRECT_PROMPT_INJECTION]: The skill ingests untrusted artifacts for review which may contain malicious instructions intended to manipulate the reviewer's judgment or actions. The agent has capabilities to perform web searches and read local files. Evidence Chain:
      • Ingestion points: The artifact to review is provided via a file path or from current conversation history as defined in Phase 1.
      • Boundary markers: Phase 1 explicitly instructs 'Context isolation', telling the agent to read ONLY the artifact and treat author-supplied framing as supplementary.
      • Capability inventory: The skill can use the Skill tool, spawn subagents, perform web searches, and use Read/Grep tools.
      • Sanitization: No explicit sanitization of the input artifact text is mentioned.
  • [DATA_EXPOSURE_AND_EXFILTRATION]: The skill provides positive security guidance for the agent. In Failure Mode FM-17 and Checklist item 14.1, it explicitly instructs the agent never to use the Read tool on files that may contain secrets and to pipe credential values directly between tools instead of reasoning about them in plain text.

Audit Metadata
Risk Level: SAFE
Analyzed: Apr 3, 2026, 02:35 PM