receiving-code-review

Pass

Audited by Gen Agent Trust Hub on Mar 10, 2026

Risk Level: SAFE, NO_CODE, PROMPT_INJECTION
Full Analysis
  • [SAFE]: The skill consists entirely of markdown-based instructions and contains no executable scripts or code files.
  • [PROMPT_INJECTION]: The skill defines behavioral constraints for the agent's persona during code reviews, such as avoiding expressions of gratitude or social agreement. These are used to ensure professional and technically accurate communication rather than bypassing safety protocols.
  • [PROMPT_INJECTION]: An indirect prompt injection surface exists where the skill processes feedback from external reviewers. Evidence Chain:
    1. Ingestion points: External reviewer comments (SKILL.md).
    2. Boundary markers: Absent.
    3. Capability inventory: Instructed capabilities include codebase searching (grep) and GitHub API interaction (SKILL.md).
    4. Sanitization: The skill implements robust sanitization by requiring the agent to verify all suggestions against the current codebase, check for regressions, and evaluate for technical correctness before any implementation occurs.
Audit Metadata
Risk Level: SAFE
Analyzed: Mar 10, 2026, 01:15 AM