review
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION] (LOW): Indirect Prompt Injection Surface. The skill processes untrusted external code (PR diffs) without sufficient isolation.
- Ingestion points: The [SCOPE] placeholder in Phase 1 and Phase 2 prompts within SKILL.md.
- Boundary markers: Absent; code snippets are interpolated directly into agent prompts without delimiters or instructions to ignore embedded commands.
- Capability inventory: The 'review-agent' determines the 'verdict' (APPROVE / REQUEST_CHANGES), which could influence automated merge processes or human decisions.
- Sanitization: No evidence of input escaping or instruction filtering before processing external code content.
Audit Metadata