nutmeg-review
Pass
Audited by Gen Agent Trust Hub on Apr 27, 2026
Risk Level: SAFE
PROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill facilitates the dispatch of sub-agents using prompt templates that incorporate untrusted data, creating an indirect prompt injection surface.
  - Ingestion points: Data provided in the user's review request, the content of the files being reviewed ([FILE_PATHS]), and the user's profile file (.nutmeg.user.md) are interpolated directly into the instructions for the data-reviewer and chart-reviewer agents.
  - Boundary markers: The templates in SKILL.md lack structural delimiters (such as XML tags, triple backticks, or specific markers) or clear instructions to the sub-agents to ignore or isolate any malicious commands embedded within the reviewed materials.
  - Capability inventory: The orchestrating skill is granted the Bash, Write, and Agent tools, which provide a significant capability surface if an indirect injection successfully redirects the agents' execution flow.
  - Sanitization: No sanitization, validation, or escaping mechanisms are present to process the untrusted strings before they are inserted into the prompt templates.
Audit Metadata