ln-005-agent-reviewer
Pass
Audited by Gen Agent Trust Hub on Mar 2, 2026
Risk Level: SAFE [DATA_EXFILTRATION] [PROMPT_INJECTION]
Full Analysis
- [DATA_EXFILTRATION]: The skill's primary function is to read local files and transmit their contents to external AI platforms (Codex and Gemini) for analysis. While these are well-known services, the process involves transmitting potentially sensitive context data to external endpoints.
- [PROMPT_INJECTION]: This skill presents an indirect prompt injection surface by ingesting and processing arbitrary untrusted data for review.
  1) Ingestion points: File paths provided in the context_files input and conversation context saved to the .agent-review/context/ directory.
  2) Boundary markers: The skill utilizes prompt templates but does not specify delimiters or 'ignore' instructions to prevent external agents from obeying malicious commands embedded in the files being reviewed.
  3) Capability inventory: The skill has the capability to read local files and make network calls to external AI APIs.
  4) Sanitization: There is no evidence of sanitization or content filtering for the ingested files before they are interpolated into prompts.