code-reviewer
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE (categories: PROMPT_INJECTION, COMMAND_EXECUTION)
Full Analysis
- Indirect Prompt Injection (LOW): The skill's core purpose is to process and analyze external source code and specification files, which creates an attack surface for indirect prompt injection.
  * Ingestion points: The script review.py accepts external file and directory paths via the --file and --spec arguments.
  * Boundary markers: No delimiters or instructions to ignore embedded commands were found in the skill definitions.
  * Capability inventory: The skill has the ability to execute a local Python script (review.py) to perform analysis.
  * Sanitization: No sanitization or validation of the input file content is mentioned.
- Command Execution (SAFE): The skill defines command-line execution for its own internal Python scripts. This is part of the skill's intended functionality and follows standard practices for local script execution.