analyst

Pass

Audited by Gen Agent Trust Hub on Feb 17, 2026

Risk Level: SAFE
Full Analysis
  • Indirect Prompt Injection (SAFE): The skill is designed to analyze external source code, blueprints, and engineering guidelines. These are untrusted inputs that could contain hidden instructions aimed at biasing the review verdict or manipulating the 'Next Recommended Step' in the system state. However, the risk is low and inherent to the functionality of a code analysis agent.
    • Ingestion points: Reads from system/blueprints/*.md, **/CLAUDE.md, and arbitrary project source files.
    • Boundary markers: The instructions do not define specific delimiters for separating untrusted file content from system instructions.
    • Capability inventory: Limited to reading files and writing review reports/state updates to the system/ directory. No network access or arbitrary shell execution detected.
    • Sanitization: No explicit sanitization or instruction-filtering logic is present for the ingested data.
  • Data Exposure & Exfiltration (SAFE): The skill performs local file operations within a defined project structure (system/reviews/, system/state.md). It does not utilize any network utilities like curl, wget, or HTTP libraries, effectively preventing data exfiltration.
  • Unverifiable Dependencies (SAFE): The skill does not define or install any external packages (npm/pip) or execute remote scripts.
Audit Metadata
Risk Level: SAFE
Analyzed: Feb 17, 2026, 06:47 PM