caveman-review
Pass
Audited by Gen Agent Trust Hub on Jun 3, 2026
Risk Level: SAFE
PROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it processes content from pull request diffs that could contain malicious instructions.
- Ingestion points: The skill ingests untrusted code diffs when a user invokes commands such as "review this PR" or "/caveman-review".
- Boundary markers: The instructions do not define clear delimiters or "ignore embedded instructions" warnings for the agent when processing the diff data.
- Capability inventory: The skill has file-write capabilities, specifically creating new files in the llmwiki/wiki/draft/cave/ directory and appending entries to llmwiki/wiki/index.md and llmwiki/wiki/log.md.
- Sanitization: There is no evidence of input validation or output sanitization, meaning an attacker could potentially influence the content written to the wiki or manipulate the agent's behavior during the review process.
Audit Metadata