code-review
Pass
Audited by Gen Agent Trust Hub on Feb 26, 2026
Risk Level: SAFE
Full Analysis
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection as it is designed to process untrusted external data in the form of pull requests, commits, and source files. Malicious instructions could be embedded in code comments or documentation within the analyzed files to influence the agent's behavior.
- Ingestion points: Processes external code targets (PRs, diffs, files) as defined in
SKILL.md. - Boundary markers: No explicit delimiters or instructions are provided to the agent to treat input code strictly as data and ignore embedded natural language instructions.
- Capability inventory: The provided files do not define any script-based capabilities (such as network access or filesystem modification), which significantly limits the potential impact of an indirect injection.
- Sanitization: The workflow does not include steps to sanitize or filter input code before analysis.
Audit Metadata