code-review

Pass

Audited by Gen Agent Trust Hub on Mar 5, 2026

Risk Level: SAFE
Full Analysis
  • [SAFE]: No malicious patterns or security risks were identified in the skill code. It performs passive analysis of local files for the purpose of code review.
  • [PROMPT_INJECTION]: The skill processes untrusted source code provided in the $ARGUMENTS variable, creating a potential surface for indirect prompt injection. However, since the skill has no network access or file-writing capabilities, the technical impact is negligible and is classified as safe.
    • Ingestion points: Source files passed to the /code-review command and read by the agent via $ARGUMENTS.
    • Boundary markers: None present; input code is processed directly without delimiters or specific instructions to ignore embedded commands.
    • Capability inventory: The skill performs read-only operations and generates text reports; it does not have network access, secrets, or write permissions.
    • Sanitization: No specific sanitization or escaping of the input source code is performed before analysis.
Audit Metadata
Risk Level: SAFE
Analyzed: Mar 5, 2026, 12:50 PM