review

Warn

Audited by Gen Agent Trust Hub on Feb 18, 2026

Risk Level: MEDIUM
Categories: DATA_EXFILTRATION, PROMPT_INJECTION
Full Analysis
  • [Data Exposure & Exfiltration] (MEDIUM): The instructions direct the agent to use the Read tool on file paths explicitly specified by the user without any path validation or restriction to safe directories. This could lead to the exposure of sensitive files (e.g., configuration files, private keys) when the content is sent to the mcp__interactive_review__start_review tool.
  • [Indirect Prompt Injection] (LOW): The skill ingests untrusted data from files or conversation context and processes it through an interactive tool. The absence of boundary markers or specific instructions to ignore embedded commands in the reviewed content allows for potential injection attacks where malicious content influences the agent's actions after the review is completed. Evidence Chain:
    1. Ingestion points: Read tool (file contents) and direct user input
    2. Boundary markers: Absent
    3. Capability inventory: Read (file access) and mcp__interactive_review__start_review (external tool execution)
    4. Sanitization: Absent
Audit Metadata
Risk Level: MEDIUM
Analyzed: Feb 18, 2026, 11:47 AM