ln-312-review-findings-worker
Pass
Audited by Gen Agent Trust Hub on Apr 13, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [DATA_EXPOSURE]: The skill accesses local reference files and target artifacts to perform analysis. It specifically references paths such as
shared/references/and../ln-310-multi-agent-validator/references/. This behavior is aligned with the skill's documented purpose as an evaluation worker within a multi-agent framework.- [PROMPT_INJECTION]: The skill processes untrusted external data (target artifacts and sibling stories), which presents an indirect prompt injection surface. - Ingestion points: Target artifacts loaded in Phase 1 and sibling stories retrieved via
list_issuesin Phase 3. - Boundary markers: The workflow defines distinct phases (PHASE_0 to PHASE_8), but no explicit delimiters or instructions to ignore embedded commands are specified for the untrusted content.
- Capability inventory: The skill is primarily analytical; it generates findings and metrics but does not demonstrate capabilities for arbitrary command execution, network exfiltration, or filesystem modification beyond writing its own summary.
- Sanitization: No explicit sanitization or validation of the analyzed content is mentioned in the instructions.
Audit Metadata