Skills
skills/kinhluan/rules-quarkus-skills/code-reviewer/Gen Agent Trust Hub

code-reviewer

Pass

Audited by Gen Agent Trust Hub on Apr 8, 2026

Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTIONEXTERNAL_DOWNLOADS
Full Analysis
  • [COMMAND_EXECUTION]: The skill instructs the agent to execute build and linting commands such as mvn compile and bazel build on code provided for review. While this is a core part of the skill's functionality, executing build scripts on untrusted code can lead to arbitrary code execution if the project's build configuration (e.g., pom.xml or BUILD files) is maliciously crafted.
  • [PROMPT_INJECTION]: This skill is susceptible to indirect prompt injection because its primary purpose is to ingest and process untrusted data (source code). An attacker could embed instructions within code comments or string literals designed to influence the agent's behavior during the review process.
  • Ingestion points: Untrusted source code provided for review.
  • Boundary markers: None explicitly defined in the skill instructions to separate code from instructions.
  • Capability inventory: File system access and shell command execution (mvn, bazel).
  • Sanitization: No specific sanitization or validation of the input code is described before processing or compilation.
  • [EXTERNAL_DOWNLOADS]: The skill references external documentation and checklists from Google's official GitHub pages (google.github.io) and skills.sh to guide the review process. These are well-known or trusted sources for engineering standards.
Audit Metadata
Risk Level
SAFE
Analyzed
Apr 8, 2026, 10:20 AM