code-review
Pass
Audited by Gen Agent Trust Hub on Apr 21, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection because it processes untrusted content from source files.
- Ingestion points: Files discovered via the
Globtool (e.g.,.py,.js,.ts,.go,.rs) are read and processed by thecode-reviewagent. - Boundary markers: The instructions do not specify any delimiters or warnings to the subagent to ignore instructions embedded within the source code being analyzed.
- Capability inventory: The skill has the ability to read files (
Read) and write changes to the filesystem (TodoWrite) to apply fixes, which could be abused if the agent is manipulated. - Sanitization: There is no evidence of sanitization or filtering of the file content before it is passed to the analysis agent.
Audit Metadata