ln-316-review-refinement-worker

Pass

Audited by Gen Agent Trust Hub on Apr 26, 2026

Risk Level: SAFE
COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection. It processes untrusted data (referred to as {artifact_content}) and interpolates it into templates to build prompts for an external agent.
      • Ingestion points: The {artifact_content} placeholder in the prompt construction logic (SKILL.md).
      • Boundary markers: No explicit delimiters or instructions to ignore embedded content are defined within the skill's logic.
      • Capability inventory: The skill executes shell commands via node shared/agents/agent_runner.mjs and manages processes via PIDs.
      • Sanitization: No sanitization or validation of the {artifact_content} is mentioned.
  • [COMMAND_EXECUTION]: The skill performs shell operations to launch and manage external processes.
      • Evidence: Multiple invocations of node shared/agents/agent_runner.mjs are used to run agents, verify process termination via --verify-dead {pid}, and monitor logs using tail -f and grep via the Monitor tool.
Audit Metadata
Risk Level: SAFE
Analyzed: Apr 26, 2026, 09:30 AM