skills/rsmdt/the-startup/review/Gen Agent Trust Hub

review

Pass

Audited by Gen Agent Trust Hub on Apr 2, 2026

Risk Level: SAFE
PROMPT_INJECTION, COMMAND_EXECUTION
Full Analysis
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it ingests untrusted source code and git diffs to be processed by specialized sub-agents. Malicious instructions embedded in the code being reviewed (e.g., in comments) could potentially subvert the reviewer agents' logic.
      • Ingestion points: SKILL.md (Workflow Step 1) retrieves file contents and git diffs based on the $ARGUMENTS provided.
      • Boundary markers: Absent. The instructions do not specify any delimiters or warnings to the sub-agents to ignore instructions contained within the code context.
      • Capability inventory: Bash, Read, Glob, Grep, TeamCreate, and SendMessage are available to the agent and its sub-agents.
      • Sanitization: Absent. The skill does not perform any pre-processing or sanitization on the retrieved code before passing it to reviewers.
  • [COMMAND_EXECUTION]: The workflow in SKILL.md interpolates the $ARGUMENTS variable directly into shell commands such as gh pr diff $target and git diff main...$target. If the environment does not provide strict argument sanitization, this pattern could allow for command injection through malicious input strings containing shell metacharacters.
Audit Metadata
Risk Level: SAFE
Analyzed: Apr 2, 2026, 10:43 PM