review-skill-parallel
Pass
Audited by Gen Agent Trust Hub on Feb 23, 2026
Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection because it ingests and processes the content of external SKILL.md files which are then passed to sub-agents.
- Ingestion points: The Initialize phase accepts a file path, and the Review phase reads its content.
- Boundary markers: The Review Prompt Template interpolates the file content into a prompt but lacks strong delimiters or instructions to ignore embedded commands.
- Capability inventory: The skill uses Task to spawn sub-agents and Edit to modify the filesystem.
- Sanitization: No validation or sanitization of the input file's content is described.
- [COMMAND_EXECUTION]: The skill uses the Task tool to dynamically launch sub-agents and the Edit tool to perform filesystem modifications. While these are intended behaviors, they represent powerful capabilities that are triggered by the analysis of potentially untrusted input.
Audit Metadata