Skills
skills/mgd34msu/goodvibes-plugin/code-review/Gen Agent Trust Hub

code-review

Pass

Audited by Gen Agent Trust Hub on Apr 24, 2026

Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill uses precision_exec to run standard development commands such as git diff, npm run test, and npm audit for code analysis and validation during the review process (SKILL.md).\n- [PROMPT_INJECTION]: The skill is designed to ingest and analyze external, untrusted code, which presents a surface for indirect prompt injection.\n
  • Ingestion points: Code changes are read via precision_read, precision_grep, and git diff commands in SKILL.md.\n
  • Boundary markers: No explicit delimiters or instructions are used to separate the ingested code from the agent's internal instructions.\n
  • Capability inventory: The skill can execute shell commands via precision_exec for validation purposes (SKILL.md).\n
  • Sanitization: No sanitization or filtering of the ingested code content is performed.\n- [SAFE]: The skill provides defensive resources, including vulnerability patterns and a validation script for ensuring review quality. All identified operations are consistent with the skill's stated purpose of auditing codebases.
Audit Metadata
Risk Level
SAFE
Analyzed
Apr 24, 2026, 05:03 AM