code-review
Pass
Audited by Gen Agent Trust Hub on Mar 12, 2026
Risk Level: SAFE
PROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection because it is designed to analyze untrusted code diffs and task context. An attacker could embed malicious instructions within code comments or string literals to influence the scoring and the pass/fail verdict.
- Ingestion points: Code diffs and contextual descriptions are ingested through the workflow described in SKILL.md.
- Boundary markers: The prompt does not specify the use of delimiters or 'ignore' instructions to isolate analyzed code from the agent's operational logic.
- Capability inventory: The skill utilizes 'spawn_agent' for delegation and involves instructions to 'run tests' and 'implement fixes', which are capabilities that could be abused if an injection succeeds.
- Sanitization: There are no provisions for sanitizing or filtering input code for embedded instructions.
Audit Metadata