code-review
Pass
Audited by Gen Agent Trust Hub on Mar 30, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection as it ingests untrusted content from the repository. 1. Ingestion points: Reads agents.md, .ai/implementation-plan.md, .ai/issue-analysis.md, and git diff output. 2. Boundary markers: Absent; there are no delimiters or instructions to ignore embedded commands. 3. Capability inventory: Includes file reading/writing and git diff execution. 4. Sanitization: The ingested content is processed without validation or escaping.
Audit Metadata