code-review-checklist
Pass
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: LOWPROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION] (LOW): The skill is susceptible to indirect prompt injection (Category 8) when processing untrusted PR diffs and codebase files.
- Ingestion points: Uses Read, Grep, and Glob tools to ingest external file content into the agent context.
- Boundary markers: No delimiters or instructions to ignore embedded commands are present in the skill definition.
- Capability inventory: Limited to read-only tools (Read, Grep, Glob); no file-write, network, or code execution capabilities are present.
- Sanitization: No sanitization or content validation is specified for the ingested data.
Audit Metadata