Skills
skills/creator-hian/claude-code-plugins/da-review/Gen Agent Trust Hub

da-review

Pass

Audited by Gen Agent Trust Hub on Mar 10, 2026

Risk Level: SAFEPROMPT_INJECTION
Full Analysis
  • [PROMPT_INJECTION]: The skill exhibits an Indirect Prompt Injection surface (Category 8) because it ingests untrusted plan and code data and has the ability to modify the filesystem.
  • Ingestion points: The skill reads user-specified plan files, source code, and git diffs (SKILL.md, lines 28-36).
  • Boundary markers: Content is labeled with context (e.g., 'You are reviewing a plan'), but lacks explicit delimiters or instructions to ignore embedded malicious prompts (SKILL.md, line 55).
  • Capability inventory: The skill can read files using Grep and Glob and is authorized to 'edit the plan file directly' or 'edit the code files directly' to implement fixes (SKILL.md, lines 57, 79-81).
  • Sanitization: There is no evidence of input validation or sanitization for the data processed by the sub-agents.
Audit Metadata
Risk Level
SAFE
Analyzed
Mar 10, 2026, 01:39 AM