review-docs
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE
Full Analysis
- [PROMPT_INJECTION] (SAFE): The directive 'CRITICAL: do not load these skills yourself' is an instructional constraint intended to manage agent behavior/recursion rather than an attempt to bypass safety filters or exfiltrate data. It does not meet the criteria for a malicious injection.
- [COMMAND_EXECUTION] (LOW): The skill references 'git status' to identify modified files in the repository. This is a standard metadata operation for developer tools and poses minimal risk.
- [INDIRECT_PROMPT_INJECTION] (LOW): The skill ingests untrusted data from local MDX files (via '{files}' and 'src/content/').
- Ingestion points: MDX files in the local repository.
- Boundary markers: None specified.
- Capability inventory: Metadata reads (git status) and delegation to other agents. No direct file writes or network access in this skill.
- Sanitization: None specified. While a vulnerability surface exists, the risk is inherent to documentation review tasks.
Audit Metadata