code-review
Pass
Audited by Gen Agent Trust Hub on Mar 4, 2026
Risk Level: SAFE
PROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill processes untrusted research scripts (.R, .py, .do, .jl) which may contain malicious instructions designed to subvert the agent's review process.
  - Ingestion points: Workflow steps 1 and 2 in SKILL.md involve locating and reading content from multiple script files.
  - Boundary markers: There are no specified boundary markers or delimiters used to separate script content from the agent's system instructions.
  - Capability inventory: The skill is authorized to use Read, Glob, and Grep tools and produces a CODE-REVIEW-REPORT.md file.
  - Sanitization: The skill lacks mechanisms to sanitize or validate the content of scripts before they are processed by the agent.
Audit Metadata