simplicity-reviewer
Pass
Audited by Gen Agent Trust Hub on Mar 24, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill instructions are focused on providing a code review service and do not contain any malicious patterns such as prompt injection, data exfiltration, or obfuscation. All provided code snippets are benign examples used for educational purposes.
- [PROMPT_INJECTION]: Analysis of the indirect prompt injection surface:
- Ingestion points: The skill is configured to use
Read,Grep, andGlobtools to ingest untrusted source code from the project environment as part of its primary review task. - Boundary markers: There are no specific delimiters or "ignore" instructions provided to the agent to distinguish between its own operational instructions and content within the code files it analyzes.
- Capability inventory: The skill has access to the
Bashtool in addition to file-reading and search tools. - Sanitization: No sanitization or validation of the ingested code is specified in the instructions.
- Context: While the surface for indirect injection exists, the instructions are strictly focused on analysis and reporting rather than taking automated actions on the code, minimizing the risk of exploitation.
Audit Metadata