second-opinion
Pass
Audited by Gen Agent Trust Hub on Mar 12, 2026
Risk Level: SAFEPROMPT_INJECTIONCOMMAND_EXECUTION
Full Analysis
- [PROMPT_INJECTION]: The skill has an attack surface for indirect prompt injection as it processes content from the local codebase to inform its critique. • Ingestion points: Content is ingested from the codebase using Read, Grep, and Glob tools (SKILL.md). • Boundary markers: The instructions do not specify the use of delimiters or 'ignore' instructions when passing codebase data to the critic subagent. • Capability inventory: The skill provides access to Bash and the Agent tool (SKILL.md). • Sanitization: No sanitization or validation of the ingested file content is performed.
- [COMMAND_EXECUTION]: The skill allows the use of the Bash tool to enable the critic subagent to verify plan claims against the actual project state (SKILL.md).
Audit Metadata