self-review-apply

Pass

Audited by Gen Agent Trust Hub on Feb 25, 2026

Risk Level: SAFE
Findings: PROMPT_INJECTION, COMMAND_EXECUTION, DATA_EXFILTRATION
Full Analysis
  • [PROMPT_INJECTION]: The skill interprets instructions from an external XML file (review.xml), so anything that can write that file can steer the agent. This is an indirect prompt injection surface.
  • Ingestion points: the XML file content and the image paths supplied either as arguments or through the default file.
  • Boundary markers: No delimiters or safety instructions separate the ingested data from the system instructions, so text inside the XML is read with the same authority as the skill's own prompt.
  • Capability inventory: file system modification, task creation (TaskCreate), and subagent spawning. Each of these is reachable from injected content.
  • Sanitization: No validation or sanitization is performed on the XML content or on the code suggestions it carries.
  • [COMMAND_EXECUTION]: The skill mechanically replaces code with the proposed-code taken from the XML, so untrusted input can make arbitrary modifications to the codebase. Code written this way runs the next time the project is built, tested, or executed.
  • [DATA_EXFILTRATION]: The skill reads files from paths given in the element's path attribute without confining them to the repository. A malicious XML can point at sensitive files (e.g., .env or SSH keys) with a relative traversal (../) or an absolute path, and the contents then flow into the agent's context.
Audit Metadata
Risk Level: SAFE
Analyzed: Feb 25, 2026, 03:27 AM