cli-agent-ux-review
Pass
Audited by Gen Agent Trust Hub on Apr 14, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill directs the agent to ingest and analyze untrusted repository content, which constitutes an indirect prompt injection surface.
- Ingestion points: SKILL.md and references/ax-criteria.md instruct the agent to read README files, help outputs, and source code from target repositories.
- Boundary markers: The instructions lack specific boundary markers or 'ignore embedded instructions' warnings for the data being analyzed.
- Capability inventory: The skill requires file-reading capabilities to assess repository content.
- Sanitization: There are no instructions for sanitizing or validating the untrusted content before processing.
Audit Metadata