init-review

Pass

Audited by Gen Agent Trust Hub on Mar 31, 2026

Risk Level: SAFE
Findings: PROMPT_INJECTION, DATA_EXFILTRATION
Full Analysis
  • [PROMPT_INJECTION]: The skill possesses an indirect prompt injection surface. It reads and processes arbitrary repository content in Phase 1 (Ingestion point: repository root) to generate the final review configuration in Phase 3 (Capability: file-write). Boundary markers and sanitization of the untrusted repository data are absent, which could allow malicious repository content to influence or hijack the generated rules.
  • [DATA_EXFILTRATION]: The skill instructs the agent to scan for and identify 'risk zones' which explicitly include secrets, PII, and authentication paths in SKILL.md. While this data is used to ground security rules, the instruction to locate and collect information about these sensitive areas constitutes a data exposure risk.
Audit Metadata
Risk Level: SAFE
Analyzed: Mar 31, 2026, 02:32 AM