ai-rules-reviewer
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFEPROMPT_INJECTIONNO_CODE
Full Analysis
- Prompt Injection (LOW): The skill is vulnerable to Indirect Prompt Injection (Category 8).
- Ingestion points: The agent is instructed to find and analyze project-specific files including
.builderrules,.mdc, andagents.md(SKILL.md, Step 1). - Boundary markers: The instructions lack delimiters or specific 'ignore embedded instructions' warnings for the agent when it interpolates the content of these rule files into its context.
- Capability inventory: The skill possesses capabilities for file-system search, file-read, and file-write (specifically for fixing/editing rules files in the 'Fix Rules' workflow).
- Sanitization: There is no evidence of content sanitization or validation of the input files before the agent processes them, which could allow a malicious file to subvert agent behavior during an audit.
Audit Metadata