review
Pass
Audited by Gen Agent Trust Hub on Apr 19, 2026
Risk Level: SAFEPROMPT_INJECTIONDATA_EXFILTRATIONCOMMAND_EXECUTION
Full Analysis
- [PROMPT_INJECTION]: The skill ingests untrusted data from the local filesystem to perform its review.
- Ingestion points: Reads source code, configuration files (e.g., package.json), and git diffs in SKILL.md.
- Boundary markers: Not explicitly defined in the instructions for file reading.
- Capability inventory: Invokes other specialized review tools and writes files to shiplight/reports/.
- Sanitization: No explicit sanitization of ingested file content is mentioned. This serves as a surface for indirect prompt injection where instructions hidden in the codebase could attempt to manipulate the review logic, though this is inherent to the tool's primary purpose.
- [DATA_EXFILTRATION]: The skill reads project files and git metadata to generate assessment reports. These reports are stored locally in the shiplight/reports/ directory. No external data transmission or exfiltration to unauthorized domains was detected.
- [COMMAND_EXECUTION]: The orchestrator triggers other internal tools (e.g., /shiplight:security-review) sequentially based on user selection. These tools are vendor-provided resources and part of the expected workflow.
Audit Metadata