coding-agent-review-method
Pass
Audited by Gen Agent Trust Hub on Apr 8, 2026
Risk Level: SAFE
PROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill is susceptible to Indirect Prompt Injection (Category 8) due to the way it processes and interpolates code changes into prompts.
- Ingestion points: Untrusted code changes, patches, and repository files are ingested through the `review scope` and `WORKDIR` variables.
- Boundary markers: The prompt template in `assets/review_prompt_template.md` uses textual headers (e.g., 'Review scope:') but lacks strict structural delimiters or specific instructions for the sub-agent to ignore natural language instructions embedded within the code being reviewed.
- Capability inventory: The methodology involves delegating execution to external sub-agents and writing diagnostic artifacts to the filesystem.
- Sanitization: There is no evidence of sanitization or filtering of the code content before it is included in the review prompt.
Audit Metadata