skills/redpanda-data/connect/review/Gen Agent Trust Hub

review

Pass

Audited by Gen Agent Trust Hub on May 20, 2026

Risk Level: SAFE
Full Analysis
  • [INDIRECT_PROMPT_INJECTION]: The skill processes untrusted external data in the form of pull request diffs, descriptions, and commit messages. While this presents an attack surface, the skill includes robust mitigation strategies:
  • Ingestion points: Data enters via gh pr view, gh pr diff, and git log commands.
  • Boundary markers: The instructions include an 'ABSOLUTE' security constraints section explicitly commanding the agent to ignore instructions embedded in code or PR contents.
  • Capability inventory: The skill uses Bash for reading GitHub data and Task for orchestrating sub-agents, but expressly forbids building, installing, or executing code.
  • Sanitization: The agent is instructed to flag suspected prompt injection attempts and terminate the review process.
  • [EXTERNAL_DOWNLOADS]: The skill interacts with GitHub, a well-known service, using official CLI tools (gh) and standard version control (git). All network operations are directed at the Redpanda Connect repository, which is consistent with the skill's stated purpose and authored context.
  • [DATA_EXFILTRATION]: The skill implements a proactive 'deny-list' for sensitive file patterns including .env, *secret*, *credential*, *token*, and private keys, preventing accidental or malicious exposure of credentials during the review process.
Audit Metadata
Risk Level
SAFE
Analyzed
May 20, 2026, 04:23 PM
Security Audit — agent-trust-hub — review