api
Pass
Audited by Gen Agent Trust Hub on Mar 12, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill architecture is designed to ingest and analyze external code proposals which presents a surface for indirect prompt injection. Ingestion point: The Coordinator agent defined in 'review/agents.md' reads the API code or proposal to be reviewed. Boundary markers: The instructions do not specify any delimiters or safety prompts to prevent the agent from following instructions embedded within the code under review. Capability inventory: The skill is configured to spawn sub-agents and generate detailed textual review reports based on the ingested content. Sanitization: The skill does not implement validation or escaping for the external data before it is processed by the agent.
- [SAFE]: The skill references multiple external documentation sites and repositories for reputable open-source projects such as TanStack, Zod, and Radix UI. These links are used appropriately within the context of providing reference material for API design best practices and target well-known, trusted technology services.
Audit Metadata