code-review
Pass
Audited by Gen Agent Trust Hub on Apr 10, 2026
Risk Level: SAFECOMMAND_EXECUTION
Full Analysis
- Standard Command Execution: The skill uses industry-standard tools pytest and ruff to validate code changes and ensure style compliance. These tools are executed locally as part of the intended code review workflow.
- Static Code Analysis: The helper script lint_check.py uses the Python ast module to perform static analysis of source files. This approach is secure as it allows the skill to inspect code structure—such as function length and docstring presence—without executing the files.
- Indirect Prompt Injection Surface: As a code review tool, the skill requires reading and processing external source code, which creates a surface for indirect prompt injection.
- Ingestion points: Source code files are read end-to-end for review as described in SKILL.md.
- Boundary markers: There are no explicit delimiters used to separate the code content from the agent's instructions, which is common in manual review tasks.
- Capability inventory: The skill can execute shell commands via the execute tool for testing and linting.
- Sanitization: Code is analyzed through static tools and manual inspection. The skill includes specific instructions for the agent to manually identify and flag potential injection vectors in the code being reviewed.
Audit Metadata