review-pending

Pass

Audited by Gen Agent Trust Hub on Apr 17, 2026

Risk Level: SAFE
COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill uses Bash to execute python, sqlite3, ls, and wc to audit data freshness and file existence. These tools are used to check database counts and verify the presence of referenced files as part of the review process.
  • [PROMPT_INJECTION]: The skill reads data from doc/PENDING_REVIEW.md, creating a surface for indirect prompt injection.
    - Ingestion points: Items for review are read from the file doc/PENDING_REVIEW.md.
    - Boundary markers: There are no explicit markers or safety instructions used to isolate the data read from the document from agent instructions.
    - Capability inventory: The skill has access to shell tools like python and sqlite3 which could be influenced if malicious instructions are successfully injected via the pending items file.
    - Sanitization: The skill does not demonstrate any validation or escaping of the content read from the file before processing it.
Audit Metadata
Risk Level: SAFE
Analyzed: Apr 17, 2026, 01:56 PM