sem-inspect-weave
Pass
Audited by Gen Agent Trust Hub on Mar 13, 2026
Risk Level: SAFE, PROMPT_INJECTION, COMMAND_EXECUTION
Full Analysis
- [PROMPT_INJECTION]: The skill presents an indirect prompt injection surface as it processes untrusted content from external repositories. Ingestion points: Pull request content and repository data are ingested via `inspect pr` and `inspect grep` as defined in `references/commands.md` and `scripts/inspect-review-target`. Boundary markers: No explicit delimiters or instructions to ignore embedded commands are present in the wrapper scripts. Capability inventory: The skill provides access to local binaries `sem`, `inspect`, `weave`, and `gh` through the `scripts/` directory. Sanitization: External output from the tools is not sanitized or validated before being returned to the agent context.
- [COMMAND_EXECUTION]: The skill uses bash scripts to wrap and execute local semantic analysis tools. These commands are restricted to the intended functionality of the `sem`, `inspect`, and `weave` binaries.
- [SAFE]: The documentation and scripts include explicit safety warnings against running commands that mutate repository configuration, such as `weave setup`, unless specifically requested by the user.
Audit Metadata