code-quality-review
Pass
Audited by Gen Agent Trust Hub on Mar 6, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill is composed exclusively of markdown documentation (SKILL.md, reference.md, and examples/anti-patterns.md). It provides the agent with a persona and a methodology for code analysis but does not ship with or execute any scripts, binaries, or commands.
- [PROMPT_INJECTION]: The skill is inherently designed to process and analyze external, potentially untrusted code (the indirect prompt injection surface). However, the risk is negligible because the skill does not grant the agent any tool-use capabilities (e.g., terminal access, file system modification, or network requests).
- Ingestion points: External source code provided via pull requests or merge requests (as mentioned in the Activation section of SKILL.md).
- Boundary markers: Not explicitly defined in the instructions, though standard markdown block delimiters are typical for such inputs.
- Capability inventory: None. The skill is limited to generating text-based findings based on the provided OutputSchema.
- Sanitization: Not applicable, as the agent only reads the content for static analysis and does not execute it.
Audit Metadata