reviewing-code
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFENO_CODE
Full Analysis
- No Code (SAFE): The skill contains only markdown instructional content and checklists for code review. There are no scripts, binaries, or configuration files that could be used for execution on the host system.- Indirect Prompt Injection (LOW): The skill processes untrusted code via the
Read,Grep, andGlobtools. While an attacker could embed malicious instructions in code comments (8a) or metadata (8d), the skill lacks any execution capabilities (no subprocess, shell, or network access), meaning any successful injection could only influence the text content of the code review output. Evidence: 1. Ingestion points: File reading via tools specified inSKILL.md. 2. Boundary markers: Absent. 3. Capability inventory: None (read-only and text generation). 4. Sanitization: Absent.- Data Exposure (SAFE): No hardcoded credentials, API keys, or references to sensitive system files (such as SSH keys or environment configs) were detected.
Audit Metadata