code-reviewer

Pass

Audited by Gen Agent Trust Hub on Feb 17, 2026

Risk Level: SAFE (PROMPT_INJECTION, COMMAND_EXECUTION, NO_CODE)
Full Analysis
  • PROMPT_INJECTION (LOW): Potential for Indirect Prompt Injection. The skill is designed to read and analyze arbitrary source code files provided by the user.
      ◦ Ingestion points: Content of files targeted by the /review-code <file-path> command (SKILL.md).
      ◦ Boundary markers: Absent. The instructions do not specify delimiters or provide a system prompt directive to ignore executable instructions within the analyzed data.
      ◦ Capability inventory: The agent has access to Read, Bash, and Grep tools, which could be exploited if the agent obeys instructions found within a reviewed file.
      ◦ Sanitization: Absent. The skill provides no mechanism to filter or sanitize the content of the files before processing.
  • COMMAND_EXECUTION (SAFE): The skill is granted the Bash tool. While this is a high-privilege tool, the skill itself does not contain any pre-defined malicious commands or suspicious execution patterns.
  • NO_CODE (SAFE): The skill consists entirely of markdown-based documentation and instructions. It does not include Python scripts, binaries, or other executable files that could harbor malware.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: Feb 17, 2026, 06:10 PM