Skills
skills/tobihagemann/turbo/evaluate-findings/Gen Agent Trust Hub

evaluate-findings

Pass

Audited by Gen Agent Trust Hub on Mar 14, 2026

Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill uses the Bash tool to execute isolated read-only test snippets to verify technical claims made in code reviews.
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection as it processes external, untrusted content (code reviews, PR comments) and incorporates this content into instructions for a subagent and parameters for tools like Bash and WebSearch.
  • Ingestion points: Processes external feedback from code reviews and PR comments as defined in SKILL.md.
  • Boundary markers: No explicit delimiters or instructions to ignore embedded commands are present when passing findings to the subagent or tools.
  • Capability inventory: Accesses Bash, Agent (subagent spawning), WebSearch, and WebFetch tools.
  • Sanitization: No sanitization or validation of the external review content is mentioned before processing.
Audit Metadata
Risk Level
SAFE
Analyzed
Mar 14, 2026, 05:21 AM