code-review
Pass
Audited by Gen Agent Trust Hub on Mar 6, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: No malicious behavior or security risks were identified. The skill defines a set of best practices and checklists for code auditing and security reviews without invoking dangerous operations.
- [PROMPT_INJECTION]: The skill possesses an indirect prompt injection surface because it is designed to analyze external code and PR descriptions. However, this is assessed as safe because the agent lacks any dangerous tools (e.g., network access, file writing, or command execution) that could be exploited by instructions embedded in the analyzed code. 1. Ingestion points: Reads external code and PR context via the Read, Grep, and Glob tools. 2. Boundary markers: No specific delimiters or instructions to ignore embedded commands are defined. 3. Capability inventory: No tools for network communication, file system modification, or code execution are permitted. 4. Sanitization: No input sanitization or validation mechanisms are implemented for the ingested content.
Audit Metadata