ln-512-agent-reviewer

Pass

Audited by Gen Agent Trust Hub on Feb 17, 2026

Risk Level: SAFE
PROMPT_INJECTION, COMMAND_EXECUTION
Full Analysis
  • PROMPT_INJECTION (LOW): Indirect Prompt Injection surface identified. The skill ingests data from external agents (Codex and Gemini) which could contain malicious instructions.
      • Ingestion points: Results are read from .agent-review/ markdown files.
      • Boundary markers: Uses specific HTML-style comment markers for parsing JSON blocks.
      • Capability inventory: Skill executes local Python scripts and manages file I/O within the project directory.
      • Sanitization: Implements a mandatory 'Critical Verification' and 'Debate Protocol' using Claude to validate suggestions before they are accepted, significantly reducing the risk of automated obedience to injected instructions.
  • COMMAND_EXECUTION (SAFE): The skill invokes shared/agents/agent_runner.py via subprocess. This is an internal utility script used for orchestration and does not represent an external/untrusted code execution risk.
Audit Metadata
Risk Level: SAFE
Analyzed: Feb 17, 2026, 06:50 PM