code-test-review-expert

Pass

Audited by Gen Agent Trust Hub on Feb 27, 2026

Risk Level: SAFE, NO_CODE
Full Analysis
  • [SAFE]: No malicious patterns, obfuscation, or security violations were detected. The skill provides high-quality instructions for code analysis and testing strategy.
  • [NO_CODE]: The skill consists entirely of Markdown documentation and YAML metadata. No executable scripts (e.g., Python, JavaScript) or binary files are included in the package.
  • [PROMPT_INJECTION]: The skill is designed to ingest and analyze untrusted external code provided by users, which creates an attack surface for indirect prompt injection. This is a functional requirement of its auditing purpose, and no active exploitation or safety bypass instructions were found.
    • Ingestion points: User-supplied source code, architecture descriptions, and configuration files throughout the review workflow (Phase 1 and Phase 2).
    • Boundary markers: The skill relies on its structured multi-expert workflow, but does not define explicit delimiters to isolate analyzed code from agent instructions.
    • Capability inventory: Utilizes tools for browser automation (Playwright), symbolic code analysis (Serena), and web-based search (Tavily).
    • Sanitization: No specific input sanitization or content validation mechanisms are described.
Audit Metadata
Risk Level: SAFE
Analyzed: Feb 27, 2026, 01:58 AM