fe-code-review
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: LOWPROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION] (LOW): Vulnerable to Indirect Prompt Injection through the analysis of external code.
- Ingestion points: The skill reads arbitrary file content and directory structures via the
$ARGUMENTSvariable inSKILL.md. - Boundary markers: There are no explicit instructions to the AI to ignore embedded instructions within the source code being reviewed (e.g., markdown comments or string literals designed to hijack the agent's persona).
- Capability inventory: The skill's capabilities are restricted to file system read operations (
Read,Glob) and generating a markdown report. It lacks the ability to execute code, write files, or make network requests. - Sanitization: The skill does not perform sanitization of the input code before it is processed by the AI model.
- [SAFE] (SAFE): No evidence of obfuscation, persistence mechanisms, or credential harvesting was found in the skill's instructions or metadata.
Audit Metadata