init-devin-review
Pass
Audited by Gen Agent Trust Hub on Mar 13, 2026
Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [SAFE]: The skill is designed to assist in generating markdown-based configuration files for the Devin AI agent. It contains no malicious code, obfuscated payloads, or unauthorized data exfiltration mechanisms.\n- [COMMAND_EXECUTION]: The skill references the
npx devin-reviewcommand in its documentation and evaluation sets. This is the official CLI tool for the Devin service, used to verify configuration and trigger automated PR reviews. This is a neutral, service-specific finding as per established trust rules.\n- [PROMPT_INJECTION]: The skill has an indirect prompt injection surface because it is instructed to read existing repository instruction files to ground its generation. \n - Ingestion points: The skill reads files such as
REVIEW.md,AGENTS.md,CLAUDE.md,CONTRIBUTING.md,.cursorrules,.windsurfrules,*.rules, and*.mdc(SKILL.md).\n - Boundary markers: There are no explicit delimiters or specific warnings to ignore embedded instructions when reading these external files.\n
- Capability inventory: The skill outputs markdown configuration files and suggests using the
devin-reviewCLI tool.\n - Sanitization: No specific sanitization or filtering of the content within the ingested instruction files is mentioned in the workflow.
Audit Metadata