code-review
Pass
Audited by Gen Agent Trust Hub on Mar 8, 2026
Risk Level: SAFENO_CODEPROMPT_INJECTION
Full Analysis
- [NO_CODE]: The skill is entirely composed of natural language instructions in markdown format and does not include any executable code, scripts, or external dependencies.\n- [PROMPT_INJECTION]: The skill provides an attack surface for indirect prompt injection because its core purpose is to process and analyze untrusted input (code for review). Malicious instructions hidden within the code being analyzed could potentially influence the agent's behavior.\n
- Ingestion points: External code, PRs, and feature changes provided to the agent for review (SKILL.md).\n
- Boundary markers: Absent; the prompt does not specify delimiters to separate untrusted code from the agent's instructions.\n
- Capability inventory: The skill instructs the agent to 'use verifiers', which may involve the execution of code or testing tools if the agent environment supports them.\n
- Sanitization: Absent; no validation or sanitization of the input code is defined in the skill instructions.
Audit Metadata