review
Pass
Audited by Gen Agent Trust Hub on Feb 27, 2026
Risk Level: SAFEPROMPT_INJECTIONCOMMAND_EXECUTION
Full Analysis
- [PROMPT_INJECTION]: The skill exhibits an indirect prompt injection surface as it processes untrusted code changes and project plans.
- Ingestion points: Code diffs, PR summaries, and plan files are ingested in Step 2 and Step 3.
- Boundary markers: The instructions do not define delimiters or provide 'ignore instructions' warnings for the reviewed content.
- Capability inventory: The skill reads local files, executes Git commands, spawns sub-agents, and invokes other skills.
- Sanitization: External content is analyzed without prior sanitization or validation.
- [COMMAND_EXECUTION]: The skill runs
git diff --statandgit log --onelineto validate the scope of changes against plan phases. These are standard read-only operations for development tools.
Audit Metadata