arcanea-code-review
Pass
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: LOWNO_CODE
Full Analysis
- [NO_CODE] (SAFE): The skill consists entirely of Markdown-formatted instructions and YAML metadata. There are no executable scripts, binaries, or configuration files that could trigger command execution.
- [Indirect Prompt Injection] (LOW): While the skill's purpose is to process untrusted code from pull requests (an attack surface for Indirect Prompt Injection), the skill itself does not define tool calls or automated actions. It provides a human-readable framework for a model to follow, which inherently limits the automated risk compared to skills with direct tool integration.
- [Security Best Practices] (INFO): The content explicitly instructs the agent to look for security vulnerabilities, such as hardcoded secrets, SQL injection, and XSS, which serves as a defensive posture.
Audit Metadata