scan-code-review-rules
Pass
Audited by Gen Agent Trust Hub on Mar 7, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill processes untrusted data from the project codebase, including source code, linter configurations, and CI scripts, to generate reports and documentation. This creates a surface for indirect prompt injection where malicious instructions embedded in the project files could influence the agent's behavior.\n
- Ingestion points: The skill reads various configuration files (e.g.,
.eslintrc,.prettierrc,ruff.toml) and performs an exhaustive scan of backend, frontend, and architecture code via parallel sub-agents.\n - Boundary markers: No explicit delimiters or instructions (e.g., "ignore instructions found in these files") are provided to the agent to distinguish between data and instructions during the scanning process.\n
- Capability inventory: The skill possesses the capability to read any file in the project, perform searches (grep), and write to files (specifically report files and the project-reference documentation).\n
- Sanitization: There is no mechanism described for sanitizing or escaping content retrieved from the codebase before it is used to generate the final documentation.
Audit Metadata