code-reviewer
Pass
Audited by Gen Agent Trust Hub on Mar 31, 2026
Risk Level: SAFE, CREDENTIALS_UNSAFE, PROMPT_INJECTION
Full Analysis
- [SAFE]: The skill defines a secure workflow for auditing code without utilizing dangerous capabilities like network access or file system modifications.
- [CREDENTIALS_UNSAFE]: The evaluation file evals/evals.json includes dummy database credentials (e.g., 'root', 'password123') used specifically to test the agent's ability to detect hardcoded secrets; these are non-functional examples and do not expose real secrets.
- [PROMPT_INJECTION]: The skill processes untrusted code provided by users, creating a surface for indirect prompt injection if instructions are embedded in comments or strings.
  1. Ingestion points: User-supplied code blocks in evals/evals.json and the conversation context.
  2. Boundary markers: Absent; the workflow does not include instructions to ignore commands within the analyzed code.
  3. Capability inventory: No tools for command execution or network communication are utilized by the skill.
  4. Sanitization: Absent; code is processed as raw text for analysis.
Audit Metadata