NYC

Reviewing Code

Fail

Audited by Gen Agent Trust Hub on Feb 16, 2026

Risk Level: HIGH (PROMPT_INJECTION)
Full Analysis
  • [PROMPT_INJECTION] (HIGH): High risk of Indirect Prompt Injection through the processing of attacker-controlled data.
      • Ingestion points: The skill reads external context from docs/feature-spec/, docs/user-stories/, docs/api-contracts.yaml, and code changes provided in PRs.
      • Boundary markers: Absent. The instructions do not define clear delimiters or provide instructions to ignore natural language directives found within the files being reviewed.
      • Capability inventory: The skill explicitly contains instructions to 'Fix critical + important issues' (file-write capability) and 'Spawn specialized agents' (autonomous tool/agent execution), which increases the impact of a successful injection.
      • Sanitization: Absent. There is no evidence of filtering or sanitizing content ingested from external documentation or source code.
Recommendations
  • AI detected serious security threats
Audit Metadata
Risk Level: HIGH
Analyzed: Feb 16, 2026, 07:15 AM