code-review
Pass
Audited by Gen Agent Trust Hub on Apr 19, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill presents an indirect prompt injection surface by processing untrusted external content with powerful system-level tools.
- Ingestion points: The skill ingests untrusted data from pull requests, merge requests, local diffs, and patches provided in the agent's context (SKILL.md).
- Boundary markers: Absent. There are no instructions to use delimiters or ignore instructions embedded within the processed code, such as malicious comments designed to hijack agent behavior.
- Capability inventory: The skill is configured to use tools like
Bashfor command execution andWritefor file system modification (SKILL.md, frontmatter). - Sanitization: Absent. The skill does not provide mechanisms for escaping or validating input to ensure embedded text cannot be interpreted as instructions by the underlying model.
Audit Metadata