code-reviewer
Pass
Audited by Gen Agent Trust Hub on Mar 7, 2026
Risk Level: SAFE
PROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it is designed to ingest and process untrusted code snippets, diffs, and pull requests from external sources.
- Ingestion points: The workflow described in SKILL.md ingests user-provided code for review, which could contain malicious instructions embedded in comments or string literals.
- Boundary markers: The skill lacks instructions to wrap input data in unique delimiters (e.g., random strings or specific XML tags) to distinguish it from system instructions.
- Capability inventory: Across all files (SKILL.md and evals/evals.json), the skill is limited to text generation (Markdown reports and JSON findings) and does not possess capabilities for file system access, network communication, or code execution.
- Sanitization: No evidence of input validation or sanitization is present to prevent embedded instructions from potentially overriding the agent's intended behavior.
Audit Metadata