reviewing-code-quality
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE (COMMAND_EXECUTION)
Full Analysis
- Command Execution (SAFE): The skill executes local bash scripts (e.g., review-lint.sh, review-types.sh) stored in a platform-specific configuration directory (~/.claude/plugins/marketplaces/claude-configs/review/scripts/). These scripts are used for their primary intended purpose of code analysis and do not involve remote downloads or elevated privileges.
- Indirect Prompt Injection (LOW): The skill identifies a surface for indirect prompt injection, as it processes untrusted code files provided by users.
  - Ingestion points: Untrusted data enters the agent context through file reading and grep operations in the 'Manual Detection Patterns' section.
  - Boundary markers: Absent; there are no specific delimiters or 'ignore' instructions mentioned for the content being analyzed.
  - Capability inventory: The agent has the capability to execute shell commands (bash, grep, while read) and call other review-related skills.
  - Sanitization: Absent; the skill does not perform sanitization of the file content before it is processed by the agent's analysis logic.
Audit Metadata