review-implementation
Pass
Audited by Gen Agent Trust Hub on Apr 20, 2026
Risk Level: SAFE
Tag: PROMPT_INJECTION
Full Analysis
- [INDIRECT_PROMPT_INJECTION]: The skill processes untrusted markdown files (requirements, specs, PRDs) and possesses the capability to modify repository code and execute local test suites. This creates a surface where malicious instructions embedded in a specification document could influence the agent to perform unauthorized code changes or execute malicious commands.
  - Ingestion points: External markdown requirement files, specification documents, and repository-level guidance files (SKILL.md).
  - Boundary markers: The instructions lack explicit delimiters or warnings for the agent to distinguish between its operational instructions and the content of the data files it processes.
  - Capability inventory: The agent is explicitly instructed to fix issues directly in code and run various validation checks, including unit and integration tests (SKILL.md).
  - Sanitization: There are no mentioned mechanisms for sanitizing, escaping, or validating the content of the external markdown files before they are used to guide code modifications.
Audit Metadata