workflow-implement-review

Pass

Audited by Gen Agent Trust Hub on Jun 17, 2026

Risk Level: SAFEPROMPT_INJECTION
Full Analysis
  • [PROMPT_INJECTION]: The skill exhibits a surface for indirect prompt injection by design. It orchestrates a loop where a 'source request' (user input) is passed to sub-agents empowered with implementation and review tools.
  • Ingestion points: User-provided code and requests are stored in a workflow log and passed to 'implementation' and 'review' judges.
  • Boundary markers: The skill instructs sub-agents to 'Respect the recorded baseline' and use specific status lines, but it lacks explicit delimiters or instructions for the sub-agents to ignore potentially malicious commands embedded within the 'source request' itself.
  • Capability inventory: The workflow utilizes skill: implement and skill: review, which typically require file system access and code execution capabilities to function. The router itself uses skill: log to manage persistent state.
  • Sanitization: No sanitization or validation of the 'source request' or the resulting code diffs is mentioned before the data is passed between the implementation and review stages.
Audit Metadata
Risk Level
SAFE
Analyzed
Jun 17, 2026, 08:57 AM
Security Audit — agent-trust-hub — workflow-implement-review