code-review
Pass
Audited by Gen Agent Trust Hub on Mar 25, 2026
Risk Level: SAFE
Full Analysis
- [PROMPT_INJECTION]: The skill has an indirect prompt injection surface because it processes untrusted data from source code and repository documentation (e.g., `docs/ARCHITECTURE.md`, `CLAUDE.md`). This is inherent to the skill's purpose as a code review tool.
  - Ingestion points: Reads source code, test files, and project documentation as specified in the `context` metadata and instructions.
  - Boundary markers: Not explicitly defined for external content.
  - Capability inventory: Writing review artifacts to `.reviews/` and audit trails to `.factory/audit-trail/`.
  - Sanitization: No explicit sanitization of input code content before processing.
- [COMMAND_EXECUTION]: The documentation includes a command to install a dependent skill (`npx skills add jwilger/agent-skills --skill domain-modeling`). This is a standard installation pattern for the author's own resources and does not involve untrusted third-party code.
- [SAFE]: File system activity is restricted to local project directories for persisting review findings (`.reviews/`) and pipeline state (`.factory/`). These operations are consistent with the skill's stated purpose of providing durable review artifacts.
Audit Metadata