review-council
Pass
Audited by Gen Agent Trust Hub on Mar 5, 2026
Risk Level: SAFE, PROMPT_INJECTION, COMMAND_EXECUTION
Full Analysis
- [PROMPT_INJECTION]: Indirect prompt injection surface where untrusted document content is interpolated into review prompts for multiple agents.
  - Ingestion points: Reads file content from user-provided paths as seen in Step 3 of SKILL.md.
  - Boundary markers: Document content is inserted into the review prompt without isolation delimiters or instructions to ignore embedded commands.
  - Capability inventory: Performs file reads, shell-level execution of multiple AI CLIs, and automatic file modification to apply revisions in Step 6.
  - Sanitization: AI-generated feedback is applied directly to the document without validation or sanitization.
- [COMMAND_EXECUTION]: Invokes external CLI tools (claude, codex, gemini, copilot) using background bash processes to facilitate parallel document analysis as described in Step 4.
Audit Metadata