friction-review
Pass
Audited by Gen Agent Trust Hub on May 5, 2026
Risk Level: SAFE
Full Analysis
- [PROMPT_INJECTION]: Indirect Prompt Injection Surface. The skill reads external artifacts and passes their full content to five subagents for review. While this is the intended purpose, it creates a surface where instructions embedded within the artifact could influence the subagents' behavior.
- Ingestion points: Ingests data from file paths or descriptions provided in $ARGUMENTS, as well as any files referenced within those artifacts (SKILL.md).
- Boundary markers: Uses the ARTIFACT: header to delineate content, but does not include explicit instructions for agents to disregard embedded commands.
- Capability inventory: Orchestrator and subagents have access to Read, Agent, Grep, Glob, and Bash tools (SKILL.md).
- Sanitization: No input sanitization or validation is performed on the ingested content before prompt interpolation.
Audit Metadata