review
Pass
Audited by Gen Agent Trust Hub on May 10, 2026
Risk Level: SAFE | PROMPT_INJECTION | COMMAND_EXECUTION
Full Analysis
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection. It is instructed to load and follow 'shared doctrine' and 'guidance' from repository-specific files like `AGENTS.md` and `CLAUDE.md`. Since these files are part of the repository being reviewed, they are untrusted inputs that could contain malicious instructions designed to influence the agent's behavior or verdict.
  - Ingestion points: Repository guidance files (`AGENTS.md`, `CLAUDE.md`) and source code files as specified in `SKILL.md` and `references/reviewing.md`.
  - Boundary markers: Absent; no delimiters are defined to isolate untrusted configuration content from system instructions.
  - Capability inventory: Access to `git` for diffing and shell execution for running tests (`pnpm test`) as specified in `SKILL.md`.
  - Sanitization: Absent; the agent is directed to incorporate repository doctrine directly into its reasoning process.
- [COMMAND_EXECUTION]: The workflow encourages executing repository-defined tests using commands like `pnpm test` to verify behavior. Running untrusted code during the auditing process can lead to arbitrary command execution if the repository contains malicious test scripts, as outlined in `SKILL.md`.
Audit Metadata