code-review
Pass
Audited by Gen Agent Trust Hub on Mar 11, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: No security issues were identified in the skill's instructions, metadata, or tool usage.
- [PROMPT_INJECTION]: Ingestion points: Pull request descriptions and codebase files (SKILL.md). Boundary markers: Absent. Capability inventory: Read-only file access via Read, Grep, and Glob. Sanitization: Absent. While the skill processes untrusted data, the risk of indirect prompt injection is mitigated by the restricted, read-only toolset and lack of execution capabilities.
- [DATA_EXFILTRATION]: No network-enabled tools or instructions for exfiltrating data were found.
- [CREDENTIALS_UNSAFE]: Documentation contains dummy secrets (e.g., sk-1234567890abcdef) strictly as examples of bad practices for educational purposes and not as functional credentials.