code-reviewer
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFENO_CODE
Full Analysis
- [NO_CODE] (SAFE): The skill file contains only markdown instructions and metadata defining an AI persona. There are no scripts, binaries, or configuration files that could execute commands.
- [Indirect Prompt Injection] (LOW):
- Ingestion points: The skill is intended to process external source code provided by users for review (e.g., PR reviews, security audits).
- Boundary markers: Absent. There are no specific instructions telling the agent to treat the input code as data rather than instructions.
- Capability inventory: While the prompt claims integration with various tools (SonarQube, Snyk, npm audit), the skill lacks the actual code implementation to execute these tools; it relies on the LLM's internal knowledge.
- Sanitization: None. The skill assumes the LLM's native guardrails will handle malicious instructions embedded in reviewed code.
Audit Metadata