code-review
Pass
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: LOW
Full Analysis
- SAFE (SAFE): No security vulnerabilities or malicious patterns were identified. The skill follows best practices for a local code review tool, primarily acting as a passive analyzer of local file content.
- Indirect Prompt Injection (INFO): The skill processes untrusted external content (source code and git diffs), which is an inherent risk for AI agents. However, since the skill only provides text-based feedback and lacks the ability to execute code or access the network, the risk is negligible.
- Ingestion points: Processes output from
git diffand the contents of modified files. - Boundary markers: Absent; the agent is not instructed to use specific delimiters when processing untrusted code content.
- Capability inventory: Limited to file system read access via git and standard file reading; no write, execution, or network capabilities are defined.
- Sanitization: None; the skill treats the input content as raw data for analysis without filtering.
Audit Metadata