task-review-workflow
Pass
Audited by Gen Agent Trust Hub on Feb 21, 2026
Risk Level: SAFEPROMPT_INJECTIONNO_CODE
Full Analysis
- Indirect Prompt Injection (LOW): The skill instructs the agent to ingest and act upon potentially malicious data from external, untrusted sources. 1. Ingestion points: PR descriptions, linked task context, and contents of checked-out PR branches as described in SKILL.md. 2. Boundary markers: Absent; there are no instructions to the agent to distinguish between metadata and embedded instructions within the ingested content. 3. Capability inventory: The skill empowers the agent to checkout branches, run local commands (test/lint/build), and modify external service states on Trello. 4. Sanitization: Absent; no validation or sanitization steps are defined for external input before it enters the agent context.
Audit Metadata