implement-suggestion
Pass
Audited by Gen Agent Trust Hub on Apr 23, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection by design.
- Ingestion points: Untrusted data enters the agent context through the
$ARGUMENTSvariable inSKILL.md, which is intended for review comments. - Boundary markers: The skill lacks delimiters (such as XML tags or unique markers) to isolate the untrusted suggestions from the system instructions.
- Capability inventory: The skill allows the agent to 'implement fixes', which typically involves file system access, code modification, and potentially command execution.
- Sanitization: There is no evidence of input sanitization or validation of the provided arguments.
Audit Metadata