quality-gate

Pass

Audited by Gen Agent Trust Hub on Apr 5, 2026

Risk Level: SAFE
PROMPT_INJECTION
Full Analysis
  • [PROMPT_INJECTION]: The code-reviewer.md subagent is vulnerable to indirect prompt injection through its interpolation of untrusted data.
      • Ingestion points: The {PLAN_OR_REQUIREMENTS} and {DESCRIPTION} fields are populated from external project files and implementation narratives, which enter the subagent's context.
      • Boundary markers: Absent. The subagent's prompt does not use delimiters or boundary markers to separate the instructions from the interpolated data, nor does it include warnings to ignore embedded commands.
      • Capability inventory: The subagent has the capability to execute shell commands (git diff) and provide quality assessments, which could be manipulated by malicious content within the requirements files.
      • Sanitization: No sanitization or validation logic is defined for the input variables before they are used in the prompt or command templates.
Audit Metadata
Risk Level: SAFE
Analyzed: Apr 5, 2026, 07:45 PM