conductor-review

Pass

Audited by Gen Agent Trust Hub on Mar 28, 2026

Risk Level: SAFE (findings tagged: COMMAND_EXECUTION, PROMPT_INJECTION)
Full Analysis
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection as it processes untrusted code diffs and project documentation.
  • Ingestion points: Untrusted data enters the agent context through git diff output and project files like plan.md and spec.md.
  • Boundary markers: The protocols do not define explicit delimiters or instructions to ignore embedded commands within the code being reviewed.
  • Capability inventory: The skill possesses capabilities to execute shell commands (e.g., test runners and git) and write to project files.
  • Sanitization: No sanitization, escaping, or validation of the processed code or project files is performed before they are incorporated into the agent context.
  • [COMMAND_EXECUTION]: The skill automatically identifies and executes project test suites such as npm test or pytest and performs git operations (git diff, git commit). This capability allows for code execution based on the environment and contents of the project being reviewed, which is a standard but noteworthy risk for developer-oriented tools.
Audit Metadata
Risk Level: SAFE
Analyzed: Mar 28, 2026, 08:17 PM