cy-fix-reviews
Pass
Audited by Gen Agent Trust Hub on Apr 15, 2026
Risk Level: SAFEPROMPT_INJECTIONCOMMAND_EXECUTION
Full Analysis
- [PROMPT_INJECTION]: The skill ingests data from external PR review files which presents a surface for indirect prompt injection.\n
- Ingestion points: Reads metadata and issue markdown files from the
.compozy/tasks/directory.\n - Boundary markers: There are no defined delimiters to isolate external text from the agent's internal instructions.\n
- Capability inventory: The skill can modify repository source code and execute system-level verification commands.\n
- Sanitization: No explicit sanitization or content validation of the ingested review files is specified in the workflow.\n- [COMMAND_EXECUTION]: The skill executes external verification tools and repository-specific commands.\n
- Evidence: The workflow utilizes
cy-final-verifyto run the repository's real verification commands.
Audit Metadata