code-review
Pass
Audited by Gen Agent Trust Hub on Mar 9, 2026
Risk Level: SAFE
Full Analysis
- [PROMPT_INJECTION]: The skill ingests untrusted source code through the Glob and Read tools. This creates an indirect prompt injection surface where instructions hidden in code comments or strings could be parsed and followed by the analysis agent.
- Ingestion points: Source files found in the provided path (SKILL.md).
- Boundary markers: Absent. No delimiters or instructions to ignore embedded content are used.
- Capability inventory: Task, TodoWrite, Glob, Read (SKILL.md).
- Sanitization: Absent. No validation or filtering of code content before analysis.
Audit Metadata