code-reviewer
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE NO_CODE
Full Analysis
- [No Code] (SAFE): The skill consists entirely of markdown text and YAML metadata. It includes no Python, JavaScript, or shell scripts, and specifies no package dependencies.
- [Indirect Prompt Injection] (SAFE): The skill analyzes untrusted source code, which serves as a potential vector for indirect prompt injection. However, the skill has no executable capabilities, meaning an injection cannot trigger malicious actions.
  1. Ingestion points: Untrusted source code files analyzed during the review process.
  2. Boundary markers: No delimiters or isolation instructions are present to separate user data from the agent's instructions.
  3. Capability inventory: None; the skill does not use tools, subprocesses, or network calls.
  4. Sanitization: No input validation or sanitization is performed.
- [Data Exfiltration] (SAFE): No instructions or patterns were identified that attempt to read sensitive system files or transmit data to external servers.
Audit Metadata