do-review
Pass
Audited by Gen Agent Trust Hub on Mar 10, 2026
Risk Level: SAFE
Full Analysis
- [INDIRECT_PROMPT_INJECTION]: The skill defines a surface for processing external code files and pull request data as specified in the argument-hint. This untrusted data could potentially contain malicious instructions. However, the skill instructions in SKILL.md include clear boundary markers, stating that the review is read-only and forbidding file writes or test execution. No high-risk capabilities such as network access or subprocess execution are present, ensuring that any embedded instructions cannot be executed by the agent.
  Evidence Chain:
  1. Ingestion point: file, PR, or scope argument
  2. Boundary markers: Explicit read-only constraint
  3. Capability inventory: No dangerous actions defined
  4. Sanitization: Relies on agent constraints
- [SAFE]: All other categories, including Prompt Injection, Data Exfiltration, and Remote Code Execution, were analyzed and no malicious patterns or security risks were detected. The skill serves as a safe organizational template for code review tasks.