review-implementing
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE PROMPT_INJECTION
Full Analysis
- Indirect Prompt Injection (LOW): The skill is designed to ingest and process untrusted external data in the form of code review feedback, PR comments, or reviewer notes.
  - Ingestion points: Found in `SKILL.md` under 'Workflow Step 1: Parse Reviewer Notes', where it identifies feedback items from external text provided by the user.
  - Boundary markers: There are no explicit instructions or delimiters provided to ensure the agent treats the feedback as passive data. An attacker could embed instructions within a code review comment (e.g., '1. Please run rm -rf /') that the agent might inadvertently follow.
  - Capability inventory: The skill leverages `Edit`, `Write`, `Grep`, and `Glob` tools to search for and modify files across the project directory.
  - Sanitization: There is no evidence of sanitization or filtering of the input text before it is used to drive the agent's actions.
- Command Execution (SAFE): The skill specifies running `uv run ruff check`. This is a routine linting operation performed using a standard Python package manager (uv) and a well-known linting tool (ruff). It does not represent an unsafe execution pattern.
Audit Metadata