quality-code-review

Pass

Audited by Gen Agent Trust Hub on Feb 24, 2026

Risk Level: SAFE
PROMPT_INJECTION, COMMAND_EXECUTION
Full Analysis
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection (Category 8) as it processes untrusted data from source code files and version control outputs without sanitization.
      • Ingestion points: Source code content retrieved via the 'Read' and 'Grep' tools, and 'git diff' outputs captured via 'Bash'.
      • Boundary markers: The skill does not implement specific delimiters or 'ignore embedded instructions' warnings for the data it processes.
      • Capability inventory: The skill possesses significant local capabilities, including the ability to execute shell commands via 'Bash' and access the file system via 'Read' and 'Glob'.
      • Sanitization: No sanitization or filtering is performed on the code content before it is passed to the language model, which could allow instructions hidden in comments to influence agent behavior.
  • [COMMAND_EXECUTION]: The skill utilizes the 'Bash' tool to execute standard development utilities such as 'git', 'pytest', 'mypy', 'ruff', and 'eslint'. These tools are used appropriately for code validation but provide a potential execution surface if the agent is influenced by indirect injection.
Audit Metadata
Risk Level: SAFE
Analyzed: Feb 24, 2026, 05:24 PM