workflow-implement-review
Pass
Audited by Gen Agent Trust Hub on Jun 17, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill exhibits a surface for indirect prompt injection by design. It orchestrates a loop where a 'source request' (user input) is passed to sub-agents empowered with implementation and review tools.
- Ingestion points: User-provided code and requests are stored in a workflow log and passed to 'implementation' and 'review' judges.
- Boundary markers: The skill instructs sub-agents to 'Respect the recorded baseline' and use specific status lines, but it lacks explicit delimiters or instructions for the sub-agents to ignore potentially malicious commands embedded within the 'source request' itself.
- Capability inventory: The workflow utilizes
skill: implementandskill: review, which typically require file system access and code execution capabilities to function. The router itself usesskill: logto manage persistent state. - Sanitization: No sanitization or validation of the 'source request' or the resulting code diffs is mentioned before the data is passed between the implementation and review stages.
Audit Metadata