devin-review-init
Pass
Audited by Gen Agent Trust Hub on Mar 9, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: No malicious patterns or security vulnerabilities were identified in the skill's instructions or referenced files.
- [PROMPT_INJECTION]: The skill represents a surface for indirect prompt injection as it analyzes untrusted content from the user's repository (e.g., CLAUDE.md, .cursorrules, CONTRIBUTING.md). This is inherent to the skill's purpose of repository-aware configuration generation.
  * Ingestion points: SKILL.md (Phase 1) specifies reading configuration and documentation files from the target repository.
  * Boundary markers: The instructions do not explicitly define delimiters for isolating untrusted content during the analysis phase.
  * Capability inventory: The skill's primary capabilities involve reading repository files and generating markdown output.
  * Sanitization: Repository content is analyzed as-is to generate tailored guidelines.