review
Pass
Audited by Gen Agent Trust Hub on May 2, 2026
Risk Level: SAFE
Flags: EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [DYNAMIC_CONTEXT_INJECTION]: The skill uses `!command` syntax to query project state and tool versions at load time. These commands (`cat`, `grep`, `ls`, `which`, `npx`) are informational checks used to populate the agent's context with current project metadata. No evidence of argument injection or sensitive data exfiltration was found in these load-time operations.
- [EXTERNAL_DOWNLOADS]: The review process references the `ecc-agentshield` package via `npx` for security scanning. This involves downloading and executing external code as part of a security audit workflow. While it involves fetching third-party packages, the usage is aligned with the skill's primary function of quality and security assessment.
- [INDIRECT_PROMPT_INJECTION]: The skill processes untrusted data from local project state files to drive its review logic.
  - Ingestion points: Reads `.ai_state/project.json` and `.ai_state/tasks.md` via shell commands to determine the current sprint status and completed tasks.
  - Boundary markers: None explicitly defined to separate project metadata from instructions.
  - Capability inventory: Includes the ability to execute project test suites, run security scanners, and call external review tools (`/codex`).
  - Sanitization: None observed; the skill relies on multi-model review steps and a final human-reviewed evaluator score to mitigate risks from malicious project data.
Audit Metadata