code-review
Pass
Audited by Gen Agent Trust Hub on Mar 2, 2026
Risk Level: SAFE
PROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection because it is designed to ingest and analyze untrusted content (source code, Git diffs, and design documents).
- Ingestion points: The skill reads external code snippets, Git commit hashes, branch changes, and project files (SKILL.md).
- Boundary markers: The prompt does not define clear delimiters or use "ignore embedded instructions" warnings when processing the untrusted code content.
- Capability inventory: The skill has the capability to write files to the local filesystem (specifically under the code-review/ directory).
- Sanitization: There is no evidence of sanitization or filtering applied to the input code before it is processed by the agent.
- [EXTERNAL_DOWNLOADS]: The skill mentions a conditional check for the vercel-react-best-practices skill. Vercel is a well-known service, and referencing their established best practices for React projects is considered a safe and standard procedure.
- [COMMAND_EXECUTION]: The skill explicitly directs the agent to create a directory and write markdown files to the project root (code-review/[file-name]-review.md). While this involves filesystem interaction, it is a restricted operation consistent with the skill's primary purpose of generating review reports.