robotti-io/genai-acceptance-review
skills/genai-acceptance-review/SKILL.md
Review workflow for AI/LLM output usage to prevent over-trust, injection, and unsafe automation.
$ install --global
skillsauthnpx skillsauth add robotti-io/copilot-security-instructions genai-acceptance-reviewInstall this skill globally with one command. Works with Claude Code, Cursor, and Windsurf.
Security Scan Results
3 of 9 scanners reported clean
Some scanners were skipped, did not run, or reported a non-clean status. Review each row below.
3
Scanners Passed
9
Scanners in report
Clean
TrivyContainer and dependency vulnerability scanner
95%
Clean
SemgrepStatic code analysis for vulnerabilities
95%
Clean
mcp-scan (Snyk)Model Context Protocol security validation
95%
Skipped
Snyk (dep)Open source security scanning
50%
Skipped
Socket.devSupply chain security analysis
50%
Skipped
VirusTotalMulti-engine malware detection
50%
Skipped
CrowdStrikeAdvanced threat intelligence
50%
Skipped
OSV-ScannerOpen Source Vulnerability database check
50%
Skipped
OWASP Dep-Check
50%
Last scanned: Apr 11, 2026, 10:56 PM4.5s1 file scanned
SKILL.md
- name:
- genai-acceptance-review
- description:
- Review workflow for AI/LLM output usage to prevent over-trust, injection, and unsafe automation.
GenAI Acceptance Review
When to use
Use this skill when a system consumes LLM output to make decisions or perform actions.
Inputs to collect (if available)
- What the model output is used for (advisory vs actionable)
- Tools/capabilities available to the system (file writes, network calls, deploys)
- Data entering prompts (PII/secrets? retrieved content sources?)
- Approval model (human-in-the-loop? step-up auth?)
Threats to consider
- Prompt injection (content causes the model to ignore instructions)
- Over-trust / tool misuse (model output drives privileged actions)
- Data leakage (secrets/PII included in prompts or outputs)
- Indirect injection via retrieved content (RAG, web pages, PDFs)
Step-by-step process
- Map the AI boundary
- Where prompts are built, where tools are called, what data enters/leaves.
- Classify outputs
- Advisory: suggestions for humans
- Actionable: used by code to execute, write files, call APIs, change permissions
- Apply controls by class
- Advisory: disclaimers, human review, logging with redaction
- Actionable: strict schema validation, allow-lists, capability gating, step-up approvals
- Prompt & retrieval hardening
- Separate system instructions from untrusted content
- Use structured output (JSON schema) and reject invalid outputs
- Limit context sources; sanitize retrieved content where possible
- Add misuse tests
- Include injection strings and verify they don’t trigger privileged actions
- Document safe usage
- Clear rules for what the model may decide vs what code must enforce
Output
- Boundary diagram (textual is fine)
- Control recommendations (prevent/detect/respond)
- Test cases for injection and over-trust scenarios
Repo integration (optional)
Related prompt:
check-for-unvalidated-genai-acceptances.prompt.md
Output format
- Boundary map: where untrusted content enters, where model output leaves
- Threats: top 5 with likelihood/impact
- Controls: prevent/detect/respond mapped to advisory vs actionable use
- Validation: misuse/prompt-injection test scenarios
Examples
- “LLM suggests shell commands that CI executes” → require allow-listed command templates + schema validation + human approval for privileged operations.
Related Skills
robotti-io/threat-model
tools
VerifiedTrustedCommunity
Threat model a system, feature, service, or PR using Shostack's 4Q workflow, evidence-first analysis, risk scoring, and CLI-friendly Mermaid helper scripts.
39SKILL.mdUpdated Apr 19, 2026
robotti-io/access-control-review
testing
VerifiedTrustedCommunity
Analyze repository-grounded identity, access control, and authorization design with evidence-first reporting and script-validated Mermaid diagrams.
39SKILL.mdUpdated Apr 19, 2026
robotti-io/threat-model
tools
VerifiedTrustedCommunity
Threat model a system, feature, service, or PR using Shostack's 4Q workflow, evidence-first analysis, risk scoring, and CLI-friendly Mermaid helper scripts.
39SKILL.mdUpdated Apr 19, 2026
robotti-io/dependency-cve-triage
content-media
VerifiedTrustedCommunity
Triage a dependency CVE using local repo evidence and remediation guidance.
39SKILL.mdUpdated Apr 19, 2026