improvement-workflow
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [Prompt Injection] (LOW): The skill exhibits an indirect prompt injection vulnerability surface (Category 8) as it is designed to ingest findings from automated review tools and implement them through powerful tools. 1. Ingestion points: Output from 'review-multi' in Step 1 is used to guide 'analysis' in Step 2 and 'skill-updater' in Step 4. 2. Boundary markers: There are no instructions or delimiters specified to prevent malicious instructions embedded in review findings from being interpreted as commands. 3. Capability inventory: The skill is granted 'Bash', 'Write', 'Edit', and 'WebFetch' permissions in SKILL.md. 4. Sanitization: No sanitization or validation logic is present to filter recommendations before they influence file writes or shell executions.
Audit Metadata