unified-review
Pass
Audited by Gen Agent Trust Hub on Mar 6, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: Surface for indirect prompt injection identified. The skill's primary function involves analyzing untrusted repository data to determine which specialized review skills to execute.
- Ingestion points:
SKILL.md(Step 1 and Step 2 of the workflow) describes analyzing filenames, manifests (e.g.,Cargo.toml,openapi.yaml), and git diffs to identify project structure and changes. - Boundary markers: No explicit delimiters or 'ignore embedded instructions' markers were found in the provided templates or workflow documentation to prevent the model from obeying instructions found within the processed code.
- Capability inventory: The skill functions as an orchestrator for other tools; no direct dangerous capabilities such as arbitrary command execution, network operations to non-whitelisted domains, or unauthorized file-system writes were found in the provided files.
- Sanitization: No mechanisms for sanitizing, escaping, or validating the external codebase content prior to analysis were observed.
Audit Metadata