receiving-code-review
Pass
Audited by Gen Agent Trust Hub on Feb 22, 2026
Risk Level: SAFENO_CODE
Full Analysis
- [Indirect Prompt Injection] (SAFE): The skill is designed to ingest and process external code review feedback, which is a potential surface for indirect injection. However, the instructions emphasize technical verification and skepticism regarding external suggestions, mitigating the risk. 1. Ingestion points: External reviewer feedback and GitHub comments mentioned in SKILL.md. 2. Boundary markers: Explicit instructions to 'Verify before implementing' and 'Check against codebase reality'. 3. Capability inventory: Mentions using 'grep' for local search and 'gh api' for GitHub interactions. 4. Sanitization: Relies on the agent's technical evaluation and human-in-the-loop (human partner) consultation for architectural decisions.
- [No Code] (SAFE): No executable scripts or configuration files are present in the skill, only instructional documentation.
Audit Metadata