review
Pass
Audited by Gen Agent Trust Hub on May 5, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it ingests and analyzes untrusted data in the form of source code and git diffs. Maliciously crafted code comments or strings could be used to override the agent's instructions or bias its review findings.
- Ingestion points: Local files, directory contents, and git diff output (SKILL.md).
- Boundary markers: Absent. The instructions do not specify delimiters to isolate the ingested code from the agent's internal instructions.
- Capability inventory: Reading files and git history, and generating text-based reports; no write or network permissions are specified (SKILL.md).
- Sanitization: Absent. The skill does not describe any sanitization or validation of the input data before processing.
Audit Metadata