review-logic
Pass
Audited by Gen Agent Trust Hub on Feb 28, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because its core functionality involves processing untrusted external data (design documents and source code).
- Ingestion points: The skill reads external files from
/projectdocs/design/and/projectdocs/require/, and analyzes user-supplied source code. - Boundary markers: No specific delimiters or boundary markers are defined in the instructions to separate the agent's instructions from the content of the documents being analyzed.
- Capability inventory: The skill's capabilities are restricted to text-based analysis and report generation; it contains no subprocess calls, file-write operations (outside of outputting the report), or network access.
- Sanitization: There is no evidence of sanitization, escaping, or validation logic to prevent instructions embedded within the analyzed files from influencing the agent's behavior.
Audit Metadata