pr-pre-push-review
Pass
Audited by Gen Agent Trust Hub on Jun 19, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it interpolates the contents of files being reviewed directly into a template for a sub-agent.\n
- Ingestion points: File contents are pasted into the sub-agent prompt template in SKILL.md via the placeholders
{paste the full file contents here}and{paste 1-2 representative existing files}.\n - Boundary markers: The template lacks robust delimiters (such as XML tags or dedicated boundary strings) or explicit instructions to the sub-agent to ignore any logic-altering commands found within the provided code snippets.\n
- Capability inventory: The parent agent performs file reads and orchestrates a sub-agent for text analysis; while it does not directly execute code, the sub-agent's analysis could be compromised.\n
- Sanitization: There is no evidence of sanitization, escaping, or filtering of the file contents before they are interpolated into the prompt.
Audit Metadata