code-review
Pass
Audited by Gen Agent Trust Hub on Feb 25, 2026
Risk Level: SAFE, NO_CODE, PROMPT_INJECTION
Full Analysis
- [SAFE]: The skill files consist of documentation and metadata without any executable logic or scripts. No malicious patterns, hardcoded secrets, or suspicious network behaviors were identified during the analysis.
- [NO_CODE]: No scripts or binaries are included with this skill, which eliminates common executable attack vectors such as remote code execution or privilege escalation.
- [PROMPT_INJECTION]: The skill's primary function is to analyze external code changes, which creates a surface for indirect prompt injection.
  1. Ingestion points: Code changes or pull requests provided by the user for review as described in the documentation.
  2. Boundary markers: No specific delimiters or 'ignore embedded instructions' warnings are defined in the skill documentation.
  3. Capability inventory: No script-based capabilities (such as subprocess calls, file-write, or network operations) are included across the provided files.
  4. Sanitization: The skill does not define specific sanitization or escaping mechanisms for the code it processes.

  This surface is inherent to the skill's purpose and is considered safe given the lack of executable capabilities in the package.
Audit Metadata