code-review
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE
Full Analysis
- [Indirect Prompt Injection] (LOW): The skill is designed to ingest and process untrusted external data (source code) which could contain malicious instructions.
- Ingestion points: Uses
Read,Grep, andGlobtools to access local files and PR changes (implied by the description). - Boundary markers: Absent. There are no instructions to the agent to treat reviewed code as data only or to ignore embedded instructions.
- Capability inventory: The skill is granted access to the
Bashtool, allowing for command execution that could be exploited if an attacker embeds malicious instructions in the code being reviewed. - Sanitization: Absent. There is no logic to filter or sanitize the contents of the files being read.
Audit Metadata