comprehensive-review-full-review
Pass
Audited by Gen Agent Trust Hub on Feb 28, 2026
Risk Level: SAFEPROMPT_INJECTIONEXTERNAL_DOWNLOADS
Full Analysis
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it ingests untrusted data that is then processed by multiple AI sub-agents.
- Ingestion points: The
$ARGUMENTSvariable, which represents the source code or project provided by the user, is used throughout all four phases of the review process. - Boundary markers: The instructions do not define explicit boundary markers (such as XML tags or delimiters) or include 'ignore embedded instructions' warnings when passing user code to sub-agents.
- Capability inventory: The skill orchestrates various high-capability sub-agents (
security-auditor,deployment-engineer,architect-review) and mentions integration with static analysis tools like SonarQube, Snyk, and GitLeaks. - Sanitization: There is no evidence of input sanitization or validation of the provided code before it is interpolated into the prompts for sub-agents.
- [EXTERNAL_DOWNLOADS]: The skill documentation mentions integration with several external security and analysis services including Snyk, Trivy, GitLeaks, and SonarQube. While these are industry-standard tools for the described use case, their use involves external network dependencies.
Audit Metadata