rp-reviewer
Pass
Audited by Gen Agent Trust Hub on Apr 12, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill has an indirect prompt injection surface because it processes untrusted code changes and passes them to an LLM-based tool for review.\n * Ingestion points: The
changed_fileslist inSKILL.mdis passed to the review tool.\n * Boundary markers: There are no delimiters or "ignore" instructions in themessagesent torepoprompt/chat_send.\n * Capability inventory: The skill executes therepoprompt/chat_sendMCP tool.\n * Sanitization: No validation or sanitization is performed on the content of the changed files.\n- [SAFE]: The skill utilizes therepopromptMCP tools (manage_workspaces,chat_send) to perform code reviews.\n- [SAFE]: The skill uses a "fail-open" approach in its error handling logic, where failures in the toolset lead to an automatic approval verdict to prevent blocking development workflows.
Audit Metadata