code-reviewer
Pass
Audited by Gen Agent Trust Hub on Feb 23, 2026
Risk Level: SAFE
Full Analysis
- [PROMPT_INJECTION]: No override instructions, safety bypasses, or 'DAN' style prompts were detected. The role definition is consistent with the skill's intended purpose of code review.
- [DATA_EXPOSURE_AND_EXFILTRATION]: No access to sensitive file paths (~/.ssh, ~/.aws) or hardcoded credentials were found. The skill does not use network-capable tools (curl, wget) to send data to external domains.
- [UNVERIFIABLE_DEPENDENCIES_AND_REMOTE_CODE_EXECUTION]: The skill does not download external packages or execute remote scripts. All references point to local markdown files within the skill package.
- [PRIVILEGE_ESCALATION]: No commands for acquiring administrative rights (sudo, chmod 777) or modifying system-level settings were found.
- [INDIRECT_PROMPT_INJECTION]: While the skill ingests untrusted code from pull requests, the impact of potential injections is negligible because the skill lacks network, file-write, and shell-execution capabilities. The instructions include robust checklists and report templates that provide a predictable structure for the agent's output.
Audit Metadata