woocommerce-code-review
Pass
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: LOWPROMPT_INJECTION
Full Analysis
- [Indirect Prompt Injection] (LOW): The skill's primary purpose is to process untrusted external data (source code). It does not define boundary markers (such as XML tags or delimiters) or provide instructions for the agent to ignore natural language instructions that might be present in code comments or string literals. An attacker could potentially embed malicious instructions within a pull request to influence the agent's review output.
- Ingestion points: Source code and pull request descriptions provided for review.
- Boundary markers: Absent in the instruction set.
- Capability inventory: The skill facilitates textual review and feedback; it does not define tools for file system modification, command execution, or network access in this specific file.
- Sanitization: None specified for the input data.
Audit Metadata