review-plan-implementation
Pass
Audited by Gen Agent Trust Hub on Feb 23, 2026
Risk Level: SAFE
Full Analysis
- [PROMPT_INJECTION]: The skill processes external data (plan files and git commits) which presents a theoretical surface for indirect prompt injection. This is inherent to the skill's primary function of reviewing code and plans.
- Ingestion points: Plan files mentioned in 'Workflow' step 1 and Git commits mentioned in step 2.
- Boundary markers: None present; the skill does not use specific delimiters to separate untrusted content from instructions.
- Capability inventory: The skill reads local files and executes git commands to inspect repository history.
- Sanitization: No sanitization or filtering of the external plan content or commit messages is defined.
Audit Metadata