review-response-writer
Pass
Audited by Gen Agent Trust Hub on Jun 18, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: Indirect Prompt Injection Attack Surface
- Ingestion points: The skill is designed to process external, untrusted content in the form of App Store reviews.
- Boundary markers: The instructions lack explicit delimiters or specific instructions for the agent to ignore any commands that might be embedded within the review text being analyzed.
- Capability inventory: The skill has access to file system tools (
Read,Write,Edit,Glob,Grep) andAskUserQuestion. While it lacks network or shell execution capabilities, an injection could still influence how the agent interacts with files or the user. - Sanitization: No sanitization or validation logic is defined to filter or escape instructions found within the processed reviews.
Audit Metadata