deep-review
Pass
Audited by Gen Agent Trust Hub on Mar 2, 2026
Risk Level: SAFEPROMPT_INJECTIONEXTERNAL_DOWNLOADSCOMMAND_EXECUTION
Full Analysis
- [PROMPT_INJECTION]: The skill identifies and processes user-provided artifacts (code, design, or documentation) which are then interpolated into prompts for several parallel reviewer agents. This architectural pattern exposes the system to indirect prompt injection where adversarial content within the reviewed artifacts could attempt to manipulate the sub-agents' instructions.
- Ingestion points: Artifacts are loaded via the
working_scope.artifactparameter defined in SKILL.md. - Boundary markers: The skill utilizes variable placeholders like
{conversation_context}and{scope_description}to delineate user content within agent prompts. - Capability inventory: The skill and its sub-agents have access to
Read,Write,Bash, andTasktools. - Sanitization: The provided instructions do not specify explicit sanitization or filtering logic for the input artifacts prior to their use in agent prompts.
- [EXTERNAL_DOWNLOADS]: The documentation includes instructions for users to clone additional required skill modules from the author's GitHub repository at
github.com/mikeng-io/agent-skills. This is documented as a standard method for dependency resolution within the vendor's ecosystem. - [COMMAND_EXECUTION]: The skill makes use of restricted shell commands to manage its environment and outputs.
- It uses
Bash(ls *)andBash(mkdir *)to verify dependencies and organize report artifacts in the.outputs/review/directory. - It specifies the use of
Bash(git *)for the purpose of downloading and managing necessary skill dependencies from the author's repository.
Audit Metadata