address-findings
Pass
Audited by Gen Agent Trust Hub on Mar 8, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: Indirect Prompt Injection risk through untrusted conversation context parsing.
- Ingestion points: Step 1 in 'SKILL.md' processes 'conversation context containing code-review skill output' to extract findings and file paths.
- Boundary markers: Absent. There are no specific delimiters or instructions for the agent to ignore embedded commands within the parsed findings.
- Capability inventory: The skill utilizes 'Read', 'Grep', 'Glob', and 'Bash' tools. These capabilities could be leveraged to access unintended files or execute git commands if the input path or content is manipulated by a malicious finding.
- Sanitization: Absent. The skill extracts parameters like file paths and code snippets directly from the conversation history without prior validation or escaping.
Audit Metadata