finalize
Pass
Audited by Gen Agent Trust Hub on Mar 21, 2026
Risk Level: SAFE
PROMPT_INJECTION, NO_CODE
Full Analysis
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it interprets and executes tasks based on potentially untrusted external data.
  - Ingestion points: The agent is instructed to read the current working copy, pull request diffs, and unresolved review feedback from the environment (SKILL.md).
  - Boundary markers: There are no explicit instructions or delimiters provided to distinguish between data to be processed and instructions to be followed, nor are there warnings to ignore embedded commands.
  - Capability inventory: The skill has the capability to modify repository files, create and push branches, and execute validation commands or tests (SKILL.md).
  - Sanitization: The skill does not describe any mechanisms for sanitizing or validating the content of the code or comments it processes.
- [NO_CODE]: The skill package does not contain any executable scripts, binaries, or source code files, consisting solely of markdown instructions.
Audit Metadata