kw-cubic
Pass
Audited by Gen Agent Trust Hub on Mar 29, 2026
Risk Level: SAFE
PROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill interpolates untrusted user input from the '$ARGUMENTS' variable directly into a task description for the 'gsd:quick' skill. This allows for potential prompt injection where malicious instructions embedded in a 'code review' could hijack the agent's behavior during the execution phase.
- [INDIRECT_PROMPT_INJECTION]:
  - Ingestion points: The '$ARGUMENTS' variable in 'SKILL.md' accepts external content from cubic.ai reviews, which is untrusted data.
  - Capability inventory: The skill delegates tasks to 'gsd:quick', which has the capability to modify project files and architecture based on natural language instructions.
  - Boundary markers: While the input is wrapped in '' tags within the skill context, the final instruction passed to 'gsd:quick' lacks strong delimiters or specific instructions to ignore embedded commands.
  - Sanitization: There is no evidence of sanitization, filtering, or validation of the provided cubic.ai output before it is processed and passed to the next agent workflow.