design-review
Pass
Audited by Gen Agent Trust Hub on Feb 27, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill's primary function involves reading and analyzing untrusted code files or pull requests, which provides a vector for indirect prompt injection.
- Ingestion points: Target code specified in the arguments is ingested using the
Readtool across all review phases. - Boundary markers: The prompt instructions do not include boundary markers or explicit commands for the agent to ignore instructions embedded within the code being analyzed.
- Capability inventory: The skill is authorized to use
ReadandGreptools, permitting file system access for inspection but no network or write capabilities. - Sanitization: No sanitization, escaping, or validation is performed on the content of the files read from the target source.
Audit Metadata