peer-review

Pass

Audited by Gen Agent Trust Hub on Apr 18, 2026

Risk Level: SAFE

PROMPT_INJECTION
Full Analysis
  • [PROMPT_INJECTION]: The skill's primary function is to feed external content (code, plans, and requirements) through prompt templates. This exposes it to Indirect Prompt Injection (Category 8).
  • Ingestion points: Multiple templates in SKILL.md (e.g., Diff Critique, Design Challenge, Deciding Vote) interpolate variables like {DIFF_CONTENT}, {PLAN_CONTENT}, and {APPROACH_A} which likely contain untrusted data from external files or previous agent outputs.
  • Boundary markers: The templates lack explicit delimiters (like XML tags or triple quotes with warnings) to isolate the untrusted data from the reviewer's instructions.
  • Capability inventory: The agents using these prompts can write to the file system, generate code, and interact with MCP servers, which may execute CLI commands ({ADVERSARY_CLI}).
  • Sanitization: There are no instructions for the agent to sanitize or validate the external content before processing it.
Audit Metadata
Risk Level
SAFE
Analyzed
Apr 18, 2026, 08:08 AM