review
Pass
Audited by Gen Agent Trust Hub on Mar 10, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection due to its core function of reading and processing untrusted file content.
- Ingestion points: File content from extensions .tex, .qmd, .typ, .py, and .md is read and parsed (SKILL.md).
- Boundary markers: The skill does not define specific delimiters or instructions to ignore embedded commands within the files being reviewed.
- Capability inventory: The skill utilizes
Read,Write, andTasktools to process data and launch sub-agent review processes. - Sanitization: There is no evidence of sanitization or filtering of the file content before it is processed by the routing table and sub-agents.
Audit Metadata