review-ai-writing

Pass

Audited by Gen Agent Trust Hub on Apr 12, 2026

Risk Level: SAFE
PROMPT_INJECTION, COMMAND_EXECUTION
Full Analysis
  • [PROMPT_INJECTION]: The skill exhibits an indirect prompt injection surface (Category 8) by ingesting untrusted data from external sources and processing it through subagents. Ingestion points: The skill reads file content, git logs, and PR descriptions via the gh pr view command. Boundary markers: No instructions are provided to wrap the ingested content in delimiters or include security instructions to prevent the subagents from obeying embedded text. Capability inventory: The skill has the ability to execute shell commands, spawn subagents, and write to the local filesystem. Sanitization: There is no evidence of text sanitization or validation before the data is processed.
  • [COMMAND_EXECUTION]: The skill executes standard system and git commands to identify files for scanning and to retrieve git history and metadata. Commands include git diff, find, git log, gh pr view, and mkdir, all of which are used appropriately for the tool's stated purpose of reviewing project documentation and code comments.
Audit Metadata
Risk Level
SAFE
Analyzed
Apr 12, 2026, 09:29 AM