code-reviewer
Pass
Audited by Gen Agent Trust Hub on Feb 28, 2026
Risk Level: SAFEPROMPT_INJECTIONNO_CODE
Full Analysis
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection through the processing of untrusted input data.
- Ingestion points: The skill is instructed to read '变更 diff' (change diffs) and various documentation files (
docs/plan/*.md,docs/standards/*.md) within theSKILL.mdinstructions. - Boundary markers: There are no defined delimiters or specific instructions provided to the agent to treat the content of the diffs as non-instructional data.
- Capability inventory: The skill is restricted to textual analysis and feedback generation; it lacks any capabilities for subprocess execution, file system modification, or network communication.
- Sanitization: The instructions do not include any logic or guidance for sanitizing or validating the contents of the code diffs for embedded prompt injection attacks.
- [NO_CODE]: No executable scripts, binaries, or library dependencies were found in the skill. All functionality is derived from natural language instructions within the markdown files.
Audit Metadata