code-review

Pass

Audited by Gen Agent Trust Hub on Feb 16, 2026

Risk Level: LOW | NO_CODE
Full Analysis
  • [Prompt Injection] (SAFE): No attempts to bypass safety filters or override system instructions were found. The language is purely instructional for task performance.
  • [Data Exfiltration] (SAFE): There are no commands to access sensitive local files or perform network operations.
  • [Remote Code Execution] (SAFE): The skill consists entirely of markdown instructions and examples; it does not contain executable scripts or download patterns.
  • [Indirect Prompt Injection] (LOW/INFO): The skill's primary function is to ingest and analyze external code changes (PRs). While this creates an inherent attack surface where code comments could attempt to influence the agent, the skill itself does not provide the agent with write or execution capabilities that would escalate this risk beyond informational reporting.
  • [Trusted Source] (INFO): The metadata identifies the source as 'anthropics/claude-code', which is a recognized trusted organization.
Audit Metadata
Risk Level: LOW
Analyzed: Feb 16, 2026, 09:49 AM