swe-reviewer
Pass
Audited by Gen Agent Trust Hub on Mar 10, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it reads and processes data from external sources like pull request descriptions and issue comments.
- Ingestion points: Processes untrusted content via vcs-issue-management and vcs-change-request skills as described in SKILL.md.
- Boundary markers: The workflow lacks explicit boundary markers or instructions to ignore embedded commands in external data.
- Capability inventory: The skill can create pull requests and update issue checklists.
- Sanitization: No sanitization or validation of external input is specified.
- Mitigation: The skill incorporates a human-in-the-loop validation step (MITM Validation) before finalized delivery.
Audit Metadata