receiving-code-review
Pass
Audited by Gen Agent Trust Hub on Mar 12, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill is entirely instructional markdown and does not include any executable code, scripts, or binary assets.
- [PROMPT_INJECTION]: The skill handles pull request comments, which represent an external ingestion surface for untrusted data. This surface is considered safe because the skill's instructions specifically mandate verification and pushback against incorrect suggestions.
  - Ingestion points: PR/MR review comments (SKILL.md).
  - Boundary markers: Absent.
  - Capability inventory: Modifying project files to implement changes.
  - Sanitization: Manual verification against project conventions and CLAUDE.md.