skills/udecode/better-convex/review/Gen Agent Trust Hub

review

Pass

Audited by Gen Agent Trust Hub on Mar 12, 2026

Risk Level: SAFE

PROMPT_INJECTION
Full Analysis
  • [PROMPT_INJECTION]: The skill exhibits an attack surface for indirect prompt injection by processing external code content.
    • Ingestion points: PR content and metadata are ingested via the $ARGUMENTS variable in the /workflows:review command within SKILL.md.
    • Boundary markers: No delimiters or instructions are present to prevent the agent from following instructions embedded within the code being reviewed.
    • Capability inventory: The skill triggers review workflows and browser-based testing processes.
    • Sanitization: No sanitization or validation of the ingested code content is performed before processing.
Audit Metadata
Risk Level: SAFE
Analyzed: Mar 12, 2026, 03:21 AM