review
Pass
Audited by Gen Agent Trust Hub on Mar 8, 2026
Risk Level: SAFE
PROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill contains a vulnerability surface for indirect prompt injection.
  - Ingestion points: The skill ingests untrusted data from the 'changedFiles' and 'proof' fields as defined in the Input table of references/flow.md.
  - Boundary markers: The prompt template used for the '/ask' command lacks delimiters (such as triple backticks or XML tags) to isolate the untrusted input data from the instructions.
  - Capability inventory: The skill utilizes the '/file-op' (read_file) capability to access local repository content and the '/ask' tool to communicate with external AI providers.
  - Sanitization: There is no evidence of input validation, sanitization, or escaping of external content before it is interpolated into the prompts for the secondary models.