review-plan-implementation
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION] (LOW): The skill is susceptible to indirect prompt injection through the processing of untrusted external data.
- Ingestion points: The skill reads and extracts instructions from the
## Reviewer Handoffsection of.plan.mdfiles located in the codebase. - Boundary markers: Absent. The instructions do not define delimiters or warnings to treat the handoff content as untrusted or to ignore embedded commands.
- Capability inventory: The skill is explicitly told to 'execute the instructions' in the handoff and 'Execute or delegate UI verification', which gives the agent permission to perform actions based on external content.
- Sanitization: None. The skill documentation instructs the agent to 'Treat ## Reviewer Handoff as the authoritative review scope', increasing the likelihood of following injected instructions.
Audit Metadata