review-workflow-design

Pass

Audited by Gen Agent Trust Hub on Mar 2, 2026

Risk Level: SAFE
Full Analysis
  • [SAFE]: The skill is primarily instructional, defining a design spec for human-in-the-loop or agent-led review processes. It does not contain hardcoded credentials, sensitive file paths, or network exfiltration logic.
  • [PROMPT_INJECTION]: The workflow requires the agent to read external 'spec_file' content and 'git diff' outputs. This represents a potential surface for indirect prompt injection if an attacker can control the content of specifications or commit messages. Evidence: Ingestion points include reading spec files in 'Step 1' and 'Instructions'. Capability inventory: Only 'Read' and 'Grep' are permitted for this skill, limiting the risk of a successful injection leading to system compromise. Boundary markers are absent in the prompt templates provided, which is a common but minor observation for design-focused skills.
Audit Metadata
Risk Level: SAFE
Analyzed: Mar 2, 2026, 05:02 AM