review-implementation

Pass

Audited by Gen Agent Trust Hub on Mar 23, 2026

Risk Level: SAFE
Finding category: PROMPT_INJECTION

Full Analysis
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it is designed to ingest and process untrusted external data (review context documents, design specs, and source code files) without explicit safeguards.
  • Ingestion points: The agent is instructed to read several external sources: a "review context document", a "design doc / spec", and all files listed in the context (SKILL.md).
  • Boundary markers: The instructions do not define clear delimiters or "ignore embedded instructions" warnings to prevent the agent from being influenced by malicious instructions hidden within the data being reviewed.
  • Capability inventory: The skill uses tools to read files and search content (e.g., grep) to verify implementations and imports (SKILL.md).
  • Sanitization: There is no mention of sanitizing or validating the content of the documents or code files before processing them.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: Mar 23, 2026, 09:54 PM