code-correctness

Pass

Audited by Gen Agent Trust Hub on Mar 7, 2026

Risk Level: SAFE
PROMPT_INJECTION, NO_CODE
Full Analysis
  • [NO_CODE]: This skill consists exclusively of Markdown documentation and YAML configuration. No executable scripts, binaries, or third-party code dependencies are provided or utilized.
  • [PROMPT_INJECTION]: The skill exhibits a vulnerability surface for indirect prompt injection as it requires the agent to read and evaluate untrusted content from a user's repository.
      1. Ingestion points: The agent is instructed in SKILL.md to review the whole codebase or specific directories provided by the user.
      2. Boundary markers: Absent; the skill does not provide instructions for delimiters or techniques to isolate untrusted code from instructions.
      3. Capability inventory: As per SKILL.md, the agent uses repository inspection capabilities to read files and generate reports; no dangerous subprocess or network calls are invoked.
      4. Sanitization: Absent; the skill does not specify any filtering, validation, or sanitization of the content being reviewed.
Audit Metadata
Risk Level: SAFE
Analyzed: Mar 7, 2026, 08:39 PM