review-response-writer

Pass

Audited by Gen Agent Trust Hub on Jun 18, 2026

Risk Level: SAFEPROMPT_INJECTION
Full Analysis
  • [PROMPT_INJECTION]: Indirect Prompt Injection Attack Surface
  • Ingestion points: The skill is designed to process external, untrusted content in the form of App Store reviews.
  • Boundary markers: The instructions lack explicit delimiters or specific instructions for the agent to ignore any commands that might be embedded within the review text being analyzed.
  • Capability inventory: The skill has access to file system tools (Read, Write, Edit, Glob, Grep) and AskUserQuestion. While it lacks network or shell execution capabilities, an injection could still influence how the agent interacts with files or the user.
  • Sanitization: No sanitization or validation logic is defined to filter or escape instructions found within the processed reviews.
Audit Metadata
Risk Level
SAFE
Analyzed
Jun 18, 2026, 05:18 PM
Security Audit — agent-trust-hub — review-response-writer