code-review-excellence
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: LOW
Findings: PROMPT_INJECTION, NO_CODE
Full Analysis
- [Indirect Prompt Injection] (LOW): The skill is designed to ingest and analyze untrusted external content, including code, requirements, and test signals, so instructions embedded in that content could reach the agent.
- Ingestion points: Processes 'context, requirements, and test signals' provided during a code review task.
- Boundary markers: Absent. There are no instructions to delimit external content or to ignore instructions embedded within the code being reviewed.
- Capability inventory: The skill references a file read operation ('open resources/implementation-playbook.md') but does not contain commands for network access, shell execution, or file writing.
- Sanitization: Absent. The skill does not instruct the agent to sanitize or escape the input data before processing.
- [No Executable Code] (INFO): The skill consists entirely of markdown instructions and lacks any executable scripts, shell commands, or dependency manifests, which significantly limits the immediate risk of exploitation.
Audit Metadata