review
Pass
Audited by Gen Agent Trust Hub on Apr 19, 2026
Risk Level: SAFE, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [SAFE]: The skill functions as an orchestrator for local project reviews. It gathers context by reading configuration files (e.g., package.json) and previous assessment reports stored in the 'shiplight/reports/' directory. This behavior is necessary for its stated goal of providing a comprehensive review plan.
- [COMMAND_EXECUTION]: The skill invokes other specialized review tools (e.g., /security-review, /performance-review) via standard agent commands. These executions are triggered based on the project's detected needs and are explicitly presented to the user for confirmation.
- [PROMPT_INJECTION]: The skill demonstrates an attack surface for indirect prompt injection as it processes untrusted project files.
  - Ingestion points: The agent reads the local project's tech stack, package.json, routes, components, and git diffs (SKILL.md, Step 1).
  - Boundary markers: No explicit delimiters or instructions are provided to the agent to distinguish between project data and its own system instructions.
  - Capability inventory: The skill can invoke several other review tools and write files to the 'shiplight/' directory.
  - Sanitization: There is no evidence of sanitization or validation of the ingested code/configuration content.
Audit Metadata