code-security-review
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- Indirect Prompt Injection (LOW): The skill is designed to ingest and process untrusted code snippets, which creates a surface for indirect prompt injection if the analyzed code contains adversarial instructions.
- Ingestion points: The workflow identifies user-provided source code, API parameters, and configuration files as primary inputs in SKILL.md.
- Boundary markers: Absent. The instructions do not provide the agent with specific delimiters or commands to ignore instructions embedded within the code being reviewed.
- Capability inventory: The skill focuses on generating text-based security reports and does not exhibit capabilities for file system modification, network exfiltration, or command execution.
- Sanitization: Absent. There is no guidance on sanitizing or escaping the content of the code snippets before processing them into the final report.
Audit Metadata