security-review-openai
Pass
Audited by Gen Agent Trust Hub on Feb 19, 2026
Risk Level: SAFE
PROMPT_INJECTION
Full Analysis
- Prompt Injection (LOW): The skill is exposed to indirect prompt injection (Category 8) because its core function is to read and act on untrusted project content.
- Ingestion points: The skill reads and processes all languages and frameworks within the user's project scope/repository (untrusted data).
- Boundary markers: There are no explicit instructions or delimiters provided to ensure the agent treats the ingested code strictly as data rather than instructions.
- Capability inventory: The skill is authorized to write new files (security reports) and modify existing codebase files to apply 'fixes', which could be abused if an attacker hides instructions in code comments.
- Sanitization: No sanitization or validation of the project content is specified before the agent processes it or includes it in reports.
Audit Metadata