performance-testing-review-ai-review
Pass
Audited by Gen Agent Trust Hub on Apr 14, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill exhibits a surface for indirect prompt injection (Category 8) because it processes untrusted code through LLMs without sufficient safeguards.
- Ingestion points: Untrusted data enters the agent context through the $ARGUMENTS variable in SKILL.md and the code_diff and code_snippet variables in the provided Python orchestrator script.
- Boundary markers: The prompt templates for analysis lack delimiters or protective markers to separate the instructions from the code being analyzed.
- Capability inventory: The described workflow has access to sensitive credentials (ANTHROPIC_API_KEY, GITHUB_TOKEN) and the ability to interact with the GitHub API, creating a risk that malicious instructions in a pull request could attempt to exfiltrate these keys or influence the content of automated comments.
- Sanitization: There is no evidence of sanitization or verification of the external code before it is interpolated into LLM prompts.
Audit Metadata