skill-reviewer

Pass

Audited by Gen Agent Trust Hub on Mar 19, 2026

Risk Level: SAFE
PROMPT_INJECTION, COMMAND_EXECUTION, EXTERNAL_DOWNLOADS
Full Analysis
  • [PROMPT_INJECTION]: Indirect prompt injection surface identified. The skill's primary function is to read and analyze other skill files (SKILL.md), which may originate from untrusted sources. These files could contain instructions designed to deceive the reviewer or trigger unintended agent actions.
      • Ingestion points: Processes user-provided SKILL.md files and project-wide metadata in Step 1.
      • Boundary markers: No specific delimiters or "ignore embedded instructions" warnings are implemented when processing file content.
      • Capability inventory: The skill utilizes file system enumeration and reading capabilities to fulfill its review task.
      • Sanitization: External content is processed without prior validation or sanitization of embedded natural language instructions.
  • [COMMAND_EXECUTION]: The Claude Code integration guidelines (references/claude-code.md) describe the use of dynamic context commands (e.g., !git branch) which involve shell execution. While these are documented platform features, they represent a command execution surface.
  • [EXTERNAL_DOWNLOADS]: The skill references external URLs for guidelines and source material (references/sources.md). These target trusted organizations (Anthropic) and well-known services (GitHub) and are documented for informational purposes.
Audit Metadata
Risk Level: SAFE
Analyzed: Mar 19, 2026, 02:46 PM