closed-loop-delivery
Pass
Audited by Gen Agent Trust Hub on Apr 16, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection due to its processing of external feedback during the development loop.
- Ingestion points: Untrusted data enters the agent context through Pull Request comments and reviews as specified in step 4 of the workflow in SKILL.md.
- Boundary markers: The skill does not implement delimiters or instructions to ignore embedded commands within the fetched PR content.
- Capability inventory: The skill executes arbitrary commands for local verification and development deployment as described in steps 3 and 5 of the workflow in SKILL.md.
- Sanitization: No sanitization or validation of the PR comment content is performed before it is used to guide subsequent implementation and verification steps.
Audit Metadata