code-reviewer
Pass
Audited by Gen Agent Trust Hub on Feb 26, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill possesses an indirect prompt injection surface because it is designed to ingest and process untrusted data from pull request descriptions and source code files.\n
- Ingestion points: The workflow in
SKILL.mddirects the agent to read PR descriptions and code content.\n - Boundary markers: Absent; the instructions do not define delimiters or "ignore" instructions to prevent the agent from obeying commands embedded in the code being reviewed.\n
- Capability inventory: Tools are limited to
Read,Grep, andGlob, preventing high-impact actions like network exfiltration or shell command execution.\n - Sanitization: Absent; the skill does not specify any sanitization or validation of the content read from external files.
Audit Metadata