review
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- Indirect Prompt Injection (LOW): The skill is susceptible to instructions embedded in the code it is tasked to review.
- Ingestion points: Code content from pull requests, branches, or file paths provided via the $ARGUMENTS variable.
- Boundary markers: Not present; the agent is instructed to read files directly without using delimiters to distinguish code from instructions.
- Capability inventory: The skill utilizes file system read/write access (specifically to the 'plans/reports/' directory) and can execute 'TodoWrite' commands.
- Sanitization: There are no mechanisms described to sanitize or escape potentially malicious instructions hidden in the reviewed files.
Audit Metadata