review-skill
Pass
Audited by Gen Agent Trust Hub on Feb 23, 2026
Risk Level: SAFEPROMPT_INJECTIONCOMMAND_EXECUTION
Full Analysis
- [PROMPT_INJECTION]: The skill exhibits an indirect prompt injection surface (Category 8). It reads the content of an external target file (a skill document) and passes either the content or the file path to multiple specialized reviewer sub-agents. A malicious skill document could contain embedded instructions designed to influence the behavior of these reviewers or the subsequent automated editing phase.
- Ingestion points:
lib/001_INITIALIZE.md(validates and reads target file) andlib/002_FAN_OUT.md(passes path to sub-agents). - Boundary markers: None detected. The reviewer prompts in
lib/prompts/do not use delimiters or instructions to ignore potential injections within the target file. - Capability inventory: The skill utilizes the
Edittool to modify files (lib/007_ADDRESS.md) and theBashtool to perform version control operations includinggit addandgit commit(lib/010_STAGE.md,lib/011_COMMIT.md). - Sanitization: No explicit sanitization or filtering of the target file's content is performed before it is processed by the agent or its sub-tasks.
- [COMMAND_EXECUTION]: The skill makes extensive use of system commands via the
Bashtool to interact withgit. While these operations are core to the skill's purpose (automated code review and committing), they represent a capability that could be targeted via the prompt injection surface mentioned above. The skill does implement a secure heredoc pattern for commit messages inlib/011_COMMIT.mdto mitigate shell injection risks.
Audit Metadata