code-review
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFENO_CODE
Full Analysis
- [NO_CODE] (SAFE): This skill consists exclusively of Markdown files and YAML metadata. No scripts, executables, or binary files are present.
- [PROMPT_INJECTION] (SAFE): The instructions are focused on the intended purpose of code review. There are no patterns suggesting attempts to bypass AI safety filters or hijack agent behavior.
- [CREDENTIALS_UNSAFE] (SAFE): While the guide contains a string resembling an API key (sk_live_abc123xyz789), it is explicitly used within a 'Bad Example' code block for educational purposes to demonstrate how NOT to store secrets.
- [DATA_EXFILTRATION] (SAFE): No network operations or commands for data transfer were found.
- [INDIRECT_PROMPT_INJECTION] (LOW): The skill ingests untrusted code for review. Evidence: 1. Ingestion points: User input code via skill prompt. 2. Boundary markers: Absent in skill logic. 3. Capability inventory: No tools, file-system access, or network functions defined. 4. Sanitization: Absent. The risk is minimized by the total lack of actionable system capabilities.
Audit Metadata