skills/remorses/kimaki/simplify/Gen Agent Trust Hub

simplify

Pass

Audited by Gen Agent Trust Hub on Mar 4, 2026

Risk Level: SAFE
PROMPT_INJECTION
Full Analysis
  • [PROMPT_INJECTION]: The skill possesses an indirect prompt injection surface due to its core functionality of reading and acting upon untrusted code.
      • Ingestion points: The skill instructions (SKILL.md) direct the agent to read data from git diff and Grep search results.
      • Boundary markers: The prompt lacks explicit delimiters or instructions to the model to treat the code diffs as passive data, which could allow malicious code comments to influence the agent's behavior.
      • Capability inventory: The skill has the capability to execute git diff and Grep, and is explicitly authorized to "fix each issue directly," giving it write access to the filesystem.
      • Sanitization: There is no evidence of sanitization or validation of the code content before it is evaluated by the review agents.
Audit Metadata
Risk Level: SAFE
Analyzed: Mar 4, 2026, 09:06 PM