review-remediation-gate
Pass
Audited by Gen Agent Trust Hub on Apr 27, 2026
Risk Level: SAFE
PROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill defines a workflow that ingests external data in the form of 'review findings'. This creates a surface for indirect prompt injection where an attacker (the provider of the review findings) could attempt to embed instructions to override the agent's behavior. The skill's focus on evidence-backed closure ('Do not mark a finding resolved without evidence') provides a natural defense against such attempts by requiring verifiable proof for all actions.
- [INGESTION_ANALYSIS]: Findings regarding the Category 8 attack surface:
  - Ingestion points: SKILL.md (Step 1: 'Read the original intent, the review findings').
  - Boundary markers: Absent; findings are not wrapped in delimiters.
  - Capability inventory: Implicitly includes file modifications and command execution for validation.
  - Sanitization: Absent; the instructions do not specify a validation or escaping step for findings text.
Audit Metadata