answer-reviewer-questions

Pass

Audited by Gen Agent Trust Hub on Apr 18, 2026

Risk Level: SAFE
PROMPT_INJECTION
Full Analysis
  • [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection as it processes and responds to content provided in PR reviewer comments.
      • Ingestion points: Untrusted reviewer comments and reconciled intent data from GitHub PR threads are ingested in Step 1 and processed in Step 2.
      • Boundary markers: The instructions do not define specific delimiters (like XML tags or triple backticks) to separate the untrusted reviewer input from the agent's instructions.
      • Capability inventory: The skill uses the untrusted input to invoke the /recall-reasoning and /interpret-feedback tools and produces text output for subsequent agent steps.
      • Sanitization: There is no evidence of sanitization, filtering, or explicit safety instructions to disregard malicious commands embedded within the reviewer comments.
Audit Metadata
Risk Level: SAFE
Analyzed: Apr 18, 2026, 11:00 PM