ziw-review
Pass
Audited by Gen Agent Trust Hub on Jun 14, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: Indirect Prompt Injection Surface. The skill processes untrusted data from external sources such as PR bodies, commits, and tracker state, which could contain instructions designed to influence the agent's behavior.
- Ingestion points: PR bodies, commit messages, and issue tracker metadata identified in the Inputs and Context sections of SKILL.md.
- Boundary markers: There are no explicit instructions to delimit or isolate ingested external content from the agent's primary instructions.
- Capability inventory: The skill has the ability to fetch remote repository state, launch subagents for reviews, and create new issues in the tracker.
- Sanitization: The instructions do not specify any validation or sanitization of the data retrieved from external code hosts or trackers before it is processed.
Audit Metadata