specialist-review
Pass
Audited by Gen Agent Trust Hub on Feb 21, 2026
Risk Level: SAFE
Full Analysis
- Prompt Injection (SAFE): The skill uses persona adoption for domain-specific analysis, which is its intended purpose. No instructions to bypass safety filters or ignore system prompts were found.
- Data Exposure & Exfiltration (SAFE): The skill reads project files but does not access sensitive system paths (like ~/.ssh) or transmit data to external endpoints. Operations are confined to the local project structure.
- Indirect Prompt Injection (SAFE): The skill ingests untrusted data from the targets being reviewed.
  - Ingestion points: Step 3 uses the Read, Glob, and Grep tools to examine target file content.
  - Boundary markers: Not explicitly defined in the logic to separate target content from agent instructions.
  - Capability inventory: The Read, Write, Glob, and Grep tools are available to the agent.
  - Sanitization: Step 1 references input validation and sanitization for roles and targets. Since the primary purpose is code analysis, this surface is considered a functional requirement and is managed by guidance.
- Command Execution (SAFE): No unauthorized shell commands or arbitrary code execution patterns were found. The use of 'cat' in documentation is illustrative of reading an internal asset.
Audit Metadata