review-rules

Pass

Audited by Gen Agent Trust Hub on Apr 14, 2026

Risk Level: SAFE
PROMPT_INJECTION
Full Analysis
  • [PROMPT_INJECTION]: Indirect Prompt Injection Surface. The skill reads various configuration files which could contain malicious instructions designed to influence the agent's diagnostic logic or cause it to output biased recommendations. While the impact is mitigated by the requirement for explicit user consent before any file modifications, the ingestion of untrusted data into the agent's context is a known attack surface.
  • Ingestion points: SKILL.md (Workflow Step 1) specifies reading project-level files including AGENTS.md, CLAUDE.md, CLAUDE.local.md, GEMINI.md, .cursor/rules/.mdc, .roo/rules/.md, .junie/guidelines.md, and .github/copilot-instructions.md.
  • Boundary markers: Absent. The instructions do not specify using delimiters or warnings to separate the content of these files from the agent's operational instructions.
  • Capability inventory: The skill utilizes file system reading and file system writing (the latter restricted by a 'user consent' workflow requirement).
  • Sanitization: Absent. No filtering or validation of the ingested file content is performed before processing.
Audit Metadata
Risk Level: SAFE
Analyzed: Apr 14, 2026, 10:31 AM