reviewing-changes

Pass

Audited by Gen Agent Trust Hub on Mar 19, 2026

Risk Level: SAFE
PROMPT_INJECTION
Full Analysis
  • [PROMPT_INJECTION]: Indirect prompt injection surface exists because the skill processes untrusted input from external sources during the review workflow.
      • Ingestion points: The skill instructions (SKILL.md) direct the agent to retrieve details from pull request titles, descriptions, and linked JIRA tickets via tools.
      • Boundary markers: The instructions do not specify the use of delimiters or 'ignore' commands to isolate untrusted data from the agent's core instructions.
      • Capability inventory: The skill uses GitHub API and JIRA MCP tools to fetch data, which is then analyzed by the model.
      • Sanitization: No sanitization or validation logic for the ingested external text is provided in the skill documentation.
Audit Metadata
Risk Level: SAFE
Analyzed: Mar 19, 2026, 02:25 PM