code-review
Pass
Audited by Gen Agent Trust Hub on Mar 13, 2026
Risk Level: SAFEPROMPT_INJECTIONCOMMAND_EXECUTION
Full Analysis
- [COMMAND_EXECUTION]: The documentation references an installation command (
npx skills add jwilger/agent-skills) to manage dependencies. As this targets the skill author's own repository, it is considered a legitimate vendor resource pattern. - [PROMPT_INJECTION]: The skill exhibits a surface for indirect prompt injection as it is designed to ingest and analyze untrusted external data (source code, diffs, and project documentation).
- Ingestion points: Processes source files, test files, and architectural documentation from the active repository context.
- Boundary markers: The prompt instructions lack explicit delimiters or instructions to ignore instructions embedded within the code being reviewed.
- Capability inventory: The skill has the capability to write persistent files to the
.reviews/and.factory/audit-trail/directories. - Sanitization: No validation or sanitization of the input code is performed before it is processed by the review logic.
Audit Metadata