code-review
Pass
Audited by Gen Agent Trust Hub on Apr 15, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [SAFE]: The skill provides a structured methodology for auditing code for logic errors, bad practices, and patterns.
- [DATA_EXPOSURE_&_EXFILTRATION]: The skill explicitly instructs the agent to identify and report hardcoded credentials and exposed sensitive data, which is a defensive security practice.
- [INDIRECT_PROMPT_INJECTION]: The skill processes untrusted input in the form of code files and git diffs. Ingestion points: User-provided code snippets, uploaded files, or diff hunks. Boundary markers: None are defined in the instructions to separate data from system logic. Capability inventory: The skill allows repository exploration and file reading. Sanitization: No sanitization or validation of the input content is specified. This configuration creates a surface where malicious instructions embedded in the reviewed code could potentially influence the agent's execution.
Audit Metadata