draft-review-loop

Pass

Audited by Gen Agent Trust Hub on Apr 15, 2026

Risk Level: SAFE
Full Analysis
  • [COMMAND_EXECUTION]: The skill uses draft-cli commands to manage the review lifecycle.
      • Commands like draft status, draft open, and draft comments list are utilized to interface with the Draft platform.
      • These operations are consistent with the skill's stated purpose of facilitating a local-to-remote review loop.
  • [EXTERNAL_DOWNLOADS]: The skill documentation specifies a requirement for the @innosage/draft-cli Node.js package.
      • This package is a vendor-owned resource associated with the author, innosage-llc.
  • [DATA_EXFILTRATION]: Local workspace markdown content is transmitted to the Draft service when the draft open command is executed.
      • This transmission is the primary intended function of the skill to enable external human review on the Draft GUI.
  • [PROMPT_INJECTION]: The skill processes external data by reading comments from the Draft service.
      • Ingestion points: Comments are retrieved via draft comments list <path> --json (SKILL.md).
      • Boundary markers: The skill does not explicitly define delimiters or instructions for the agent to ignore potentially malicious instructions within comments.
      • Capability inventory: The agent is instructed to use file-editing tools to apply feedback to local files.
      • Sanitization: No specific sanitization or validation steps are defined for the ingested comment data.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: Apr 15, 2026, 08:45 AM