code-review-helper
Pass
Audited by Gen Agent Trust Hub on Apr 7, 2026
Risk Level: SAFE, PROMPT_INJECTION
Full Analysis
- [SAFE]: The skill provides legitimate utility for code analysis. All scripts and reference documents are benign and serve the stated educational and organizational purposes.
- [PROMPT_INJECTION]: The skill inherently possesses an attack surface for indirect prompt injection, as its primary function is to ingest and process untrusted code from external sources.
  - Ingestion points: Changed files, PR descriptions, and documentation identified in the SKILL.md gathering phase.
  - Boundary markers: Not present; the instructions do not specify delimiters to separate untrusted code from instructions.
  - Capability inventory: Reading local files and executing the summary script (scripts/generate-review-summary.py).
  - Sanitization: Not present; the skill does not perform validation or escaping of the code it reviews.
Audit Metadata