python-backend-expert
Pass
Audited by Gen Agent Trust Hub on Apr 23, 2026
Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill is configured with the
Bashtool and includes instructions in the 'Memory Protocol' section ofSKILL.mdto executecat .claude/context/memory/learnings.md. This is intended to provide the agent with access to persistent context across sessions. - [PROMPT_INJECTION]: The skill's core purpose is to review and provide feedback on Python code, which establishes an indirect prompt injection surface (Category 8) where malicious instructions could be embedded in the data processed by the agent. * Ingestion points: User-provided code files are ingested for analysis during review tasks and by the
scripts/main.cjstool. * Boundary markers: The instructions do not specify any delimiters (such as XML tags or unique markers) to isolate untrusted user code from the agent's system instructions. * Capability inventory: The skill is granted extensive capabilities through tools likeBash,Write,Edit,Read,Grep, andGlob. * Sanitization: There are no mechanisms described for sanitizing, validating, or escaping the content of user-provided code before it is processed in the LLM's context.
Audit Metadata