code-reviewer
Pass
Audited by Gen Agent Trust Hub on Feb 27, 2026
Risk Level: SAFE, NO_CODE, PROMPT_INJECTION
Full Analysis
- [NO_CODE]: The skill is made up exclusively of markdown files (SKILL.md and CHECKLIST.md) providing instructions and examples. It does not include any executable code, shell scripts, or binaries.
- [PROMPT_INJECTION]: The skill defines a surface for indirect prompt injection because its primary function is to process and analyze untrusted code provided by external sources.
  - Ingestion points: Code changes, pull request data, and explicit code review requests (SKILL.md).
  - Boundary markers: Absent; there are no defined delimiters or instructions to ignore embedded commands within the analyzed code.
  - Capability inventory: The agent's capabilities in this context are limited to generating markdown text responses; no subprocess, network, or file-writing permissions are requested or used by the skill's instructions.
  - Sanitization: None; the skill does not specify any sanitization, filtering, or validation of the input code to mitigate potential injection attempts.
Audit Metadata