code-review
Warn
Audited by Gen Agent Trust Hub on Feb 15, 2026
Risk Level: MEDIUM | PROMPT_INJECTION | NO_CODE
Full Analysis
- [Indirect Prompt Injection] (MEDIUM): The skill is designed to ingest and process untrusted external data in the form of code changes and pull request descriptions.
  - Ingestion points: Pull requests and code changes (SKILL.md frontmatter).
  - Boundary markers: The instructions do not define boundary markers to separate code-under-review from the agent's instructions, nor do they instruct the agent to ignore instructions embedded in code comments.
  - Capability inventory: The skill guides decision-making (Approval/Flagging), which can have side effects if the agent is integrated into a CI/CD or PR workflow.
  - Sanitization: No input sanitization or validation logic is defined.
- [No Code] (SAFE): The skill contains only instructional text and guidelines. There are no executable scripts, subprocess calls, or network operations, which eliminates risks associated with direct remote code execution or exfiltration.