apply-findings
Pass
Audited by Gen Agent Trust Hub on Apr 18, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: No malicious patterns, obfuscation, or unauthorized operations were detected. The skill's behavior is consistent with its stated purpose of applying code review findings.
- [PROMPT_INJECTION]: The skill has an indirect prompt injection surface as it processes findings from the conversation context. Ingestion points: Code review findings in the conversation context (SKILL.md). Boundary markers: Requires findings to be pre-processed by the /evaluate-findings tool (SKILL.md). Capability inventory: File read and write access for code modification. Sanitization: The agent is instructed to verify that the code block still matches the finding before making any changes.
- [COMMAND_EXECUTION]: The skill executes file edits. It reduces risk by including a rule that specifically forbids staging, building, or testing, which prevents the potential execution of any malicious code introduced via manipulated findings.
Audit Metadata