code-reviewer
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE
Full Analysis
- [PROMPT_INJECTION] (SAFE): No instructions attempting to bypass safety filters or override agent behavior were detected in the documentation or script comments.
- [DATA_EXFILTRATION] (SAFE): The scripts (
scripts/code_quality_checker.py,scripts/pr_analyzer.py,scripts/review_report_generator.py) only interact with a specified local target path and do not include any network transmission logic or hardcoded credentials. - [REMOTE_CODE_EXECUTION] (SAFE): The code does not use dangerous functions such as
eval(),exec(), or sub-process spawning with unsanitized inputs. All scripts use standard, safe Python libraries. - [EXTERNAL_DOWNLOADS] (SAFE): Although the documentation mentions installing dependencies, no external URLs or automated download commands are present in the provided scripts.
- [INDIRECT_PROMPT_INJECTION] (LOW): The skill is designed to ingest untrusted data from project repositories for review. While this is an attack surface, the current implementation is purely boilerplate and lacks capabilities (like network access or file writing) that could be exploited by embedded instructions.
Audit Metadata