receiving-code-review
Pass
Audited by Gen Agent Trust Hub on Feb 19, 2026
Risk Level: SAFE
Full Analysis
- [Prompt Injection] (SAFE): No instructions found that attempt to bypass AI safety guardrails or override system-level constraints.
- [Data Exposure & Exfiltration] (SAFE): No evidence of credential harvesting, sensitive file access, or unauthorized data transmission.
- [Remote Code Execution] (SAFE): The skill does not download or execute scripts from external sources.
- [Indirect Prompt Injection] (LOW): The skill processes untrusted reviewer feedback. Mandatory evidence: (1) Ingestion points: human and external feedback comments; (2) Boundary markers: absent; (3) Capability inventory: grep, gh api, and file system modifications; (4) Sanitization: explicit instructions to verify logic against the codebase before acting. The verification instruction in (4) reduces the likelihood of successful indirect injection.