foundry-review
Pass
Audited by Gen Agent Trust Hub on Feb 22, 2026
Risk Level: SAFE
Full Analysis
- Prompt Injection (SAFE): The skill instructions use natural language to guide the agent through a professional code review workflow. There are no attempts to override safety filters, bypass constraints, or extract system prompts.
- Data Exposure & Exfiltration (SAFE): The skill does not access sensitive local files (e.g., SSH keys, credentials). It manages data through specialized MCP tools (foundry-mcp) and adheres to a policy of not reading specification files directly with standard file-reading tools.
- Remote Code Execution (SAFE): There are no patterns of downloading and executing remote scripts. References to the Bash tool for running tests (e.g., pytest) are standard for a development/review context.
- Indirect Prompt Injection (SAFE): While the skill processes untrusted code and specifications (vulnerability surface), it operates within a structured review framework. The instructions emphasize using specialized MCP tools for analysis rather than manual string interpolation of external content.
- Ingestion points: Implementation source code (via LSP) and SDD specifications (via MCP).
- Boundary markers: The workflow uses structured JSON responses from MCP tools to separate data from instructions.
- Capability inventory: LSP structural checks, MCP AI analysis, and Bash (for test execution).
- Sanitization: Delegated to the underlying MCP tools.
Audit Metadata