req-code-review
Pass
Audited by Gen Agent Trust Hub on Mar 23, 2026
Risk Level: SAFE
PROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill facilitates automated code reviews by ingesting and processing untrusted external data, including implementation plans, design documents, and source code. This architecture presents a surface for indirect prompt injection, where malicious instructions hidden in the materials being reviewed could influence the AI agent's findings or recommendations.
  - Ingestion points: The skill reads implementation plans, design documents, acceptance criteria, and source code files as described in SKILL.md.
  - Boundary markers: The skill's instructions define no explicit delimiters around the reviewed content and do not tell the sub-agents to ignore potentially malicious prompts embedded in it.
  - Capability inventory: The skill reads local files, writes Markdown reports to the file system, and coordinates multiple sub-agents.
  - Sanitization: There is no evidence of sanitization or content filtering for the data ingested from the repository.
Audit Metadata