loop-review-skill-until-fixed-point
Pass
Audited by Gen Agent Trust Hub on Feb 23, 2026
Risk Level: SAFE
PROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill processes external file content via the target argument, creating a surface for indirect prompt injection.
- Ingestion points: The target file path provided in the skill arguments (parsed in the Initialize phase).
- Boundary markers: Absent; while the orchestrator enforces context isolation between iterations, it does not define specific delimiters for the target file content itself.
- Capability inventory: The skill triggers the /review-skill command repeatedly.
- Sanitization: No explicit sanitization or instruction filtering is performed on the target file content before processing.
Audit Metadata