vanity-engineering-review
Pass
Audited by Gen Agent Trust Hub on Mar 20, 2026
Risk Level: SAFE | PROMPT_INJECTION | NO_CODE
Full Analysis
- [PROMPT_INJECTION]: The skill is designed to process untrusted external data, such as codebases, pull requests, and architecture proposals, which creates a surface for indirect prompt injection.
  - Ingestion points: Analysis of user-provided code and documents as defined in the Review Process of SKILL.md.
  - Boundary markers: Absent; the instructions do not specify the use of delimiters or warnings to ignore embedded instructions within processed data.
  - Capability inventory: None; the skill is limited to natural language processing and does not include tools for command execution, file system modification, or network requests.
  - Sanitization: Absent; there are no defined procedures for escaping or validating input content.
- [NO_CODE]: The skill consists entirely of markdown documentation and YAML metadata. No scripts, binaries, or automated tools are included in the skill package.
Audit Metadata