review-core
Pass
Audited by Gen Agent Trust Hub on Feb 27, 2026
Risk Level: SAFEPROMPT_INJECTIONCOMMAND_EXECUTION
Full Analysis
- [PROMPT_INJECTION]: Indirect prompt injection surface identified as the skill processes untrusted repository data.
- Ingestion points: The workflow involves reading source files, configurations, and specifications during context establishment and scope inventory.
- Boundary markers: The instructions do not provide delimiters or specific guidelines to ignore instructions that may be embedded within the files being reviewed.
- Capability inventory: The skill utilizes subprocess capabilities by directing the agent to run commands like
git status,git rev-parse,rg,cargo metadata,make, andcargo doc. - Sanitization: There is no logic provided to sanitize or validate the content retrieved from the files before it is processed by the agent.
- [COMMAND_EXECUTION]: The skill relies on system-level command execution to perform its primary function.
- Evidence: The workflow explicitly lists commands such as
git,make,cargo, andrgto gather evidence and establish the review context.
Audit Metadata