receiving-code-review
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE
Full Analysis
- [Indirect Prompt Injection] (SAFE): The skill defines a process for ingesting external data (code review feedback).
  - Ingestion points: External feedback strings provided by "External Reviewers" or "human partners".
  - Boundary markers: Absent; the skill uses logical flow (WHEN/IF) rather than specific delimiters.
  - Capability inventory: Implies the agent can perform "grep", "implement" (file system writes), and "test" (command execution) as part of its normal dev environment.
  - Sanitization: No literal sanitization of text, but the instructions mandate "technical verification" and "skepticism" before action, which serves as a cognitive defense against malicious instructions embedded in reviews.
- [Prompt Injection] (SAFE): No evidence of attempts to bypass safety filters or extract system prompts. The skill actually reinforces instructions to avoid "performative agreement" (politeness over correctness), which strengthens the agent's adherence to technical requirements.
- [Data Exposure & Exfiltration] (SAFE): No access to sensitive files (~/.ssh, .env) and no unauthorized network operations were detected.
- [Unverifiable Dependencies & Remote Code Execution] (SAFE): The skill does not install any packages or download scripts from the internet.
Audit Metadata