why-review

Pass

Audited by Gen Agent Trust Hub on Mar 27, 2026

Risk Level: SAFE
Finding category: PROMPT_INJECTION
Full Analysis
  • [PROMPT_INJECTION]: The skill uses strong imperative language (e.g., "MANDATORY IMPORTANT MUST", "NON-NEGOTIABLE") to direct agent behavior and enforce its review workflow. While intended for quality assurance, these patterns are a form of instruction override that can pressure the agent to prioritize skill logic over standard safety protocols.
  • [PROMPT_INJECTION]: The skill identifies a surface for indirect prompt injection by reading content from untrusted external files ('plan.md' and 'phase-*.md') and user-provided arguments.
      • Ingestion points: External plan files, phase files, and the $ARGUMENTS variable.
      • Boundary markers: Arguments are wrapped in a tag, but no delimiters or 'ignore' instructions are applied to the content read from local plan files.
      • Capability inventory: The skill uses TaskCreate for recursive task generation, AskUserQuestion for user interaction, and has the ability to write result files to the local 'plans/reports/' directory.
      • Sanitization: There is no evidence of sanitization, filtering, or escaping applied to the content of the plan files before processing.
Audit Metadata
Risk Level
SAFE
Analyzed
Mar 27, 2026, 06:11 AM