address-findings
Pass
Audited by Gen Agent Trust Hub on Mar 10, 2026
Risk Level: SAFE
PROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it ingests and processes 'code-review output from the conversation context' (Step 1). If an external actor can influence the conversation context (e.g., through a malicious pull request description or comment), they could potentially inject instructions that the skill might follow during its triage and planning phases.
- Ingestion points: Conversation context containing code-review skill output (SKILL.md, Step 1).
- Boundary markers: No explicit delimiters or instructions to ignore embedded commands within the parsed code-review output are specified.
- Capability inventory: The skill has access to `Read`, `Bash(git branch:*)`, `Bash(git diff:*)`, `Grep`, `Glob`, and `EnterPlanMode` tools.
- Sanitization: While Step 3 validates findings against source code before proceeding, the initial parsing and subsequent planning are driven by the unvalidated input from the conversation history.