code-review
Fail
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: HIGHPROMPT_INJECTIONNO_CODE
Full Analysis
- [Indirect Prompt Injection] (HIGH): The skill identifies PR diffs as a primary input, creating a high-risk surface for indirect instructions. Ingestion points: PR diffs (git diff format) mentioned in SKILL.md. Boundary markers: Absent; there are no instructions to the agent to treat input as data only or to ignore embedded instructions. Capability inventory: The skill's output (review comments) is intended to influence code quality and security decisions, which are high-leverage activities. Sanitization: No input validation or sanitization logic is present.
- [No Code] (INFO): The skill consists solely of a markdown definition file (SKILL.md) and provides no executable code or script implementation for analysis.
Recommendations
- AI detected serious security threats
Audit Metadata