dev-kit-review

Pass

Audited by Gen Agent Trust Hub on Feb 17, 2026

Risk Level: SAFE, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
  • Indirect Prompt Injection (LOW): The skill ingests untrusted data from ticket files to determine its review steps and verification criteria.
    • Ingestion points: Markdown files located in the .dev-kit/tickets/completed/ directory.
    • Boundary markers: Absent. The instructions do not define clear boundaries between the ticket content and the system instructions, nor do they warn the agent to ignore embedded commands within the tickets.
    • Capability inventory: The skill utilizes powerful tools including run_command (shell execution), view_file (file system access), and agent-browser (web access).
    • Sanitization: No sanitization or validation of the ticket content is performed before the agent uses it to drive these capabilities.
  • Command Execution (SAFE): The skill instructions call for run_command specifically to run tests and linters. While this is a sensitive capability, it is consistent with the primary purpose of a developer review tool and is gated by the instruction 'If safe'.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: Feb 17, 2026, 06:37 PM