ask-code-reviewer
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE
PROMPT_INJECTION
Full Analysis
- Indirect Prompt Injection (LOW): The skill's core functionality involves processing untrusted code, which provides a surface for attackers to embed instructions aimed at manipulating the AI agent's behavior.
- Ingestion points: Untrusted code snippets or PR diffs provided via user prompts, as defined in `SKILL.md` and `README.md`.
- Boundary markers: The skill lacks explicit instructions or delimiters (like XML tags or clear 'ignore instructions' directives) to prevent the agent from accidentally executing commands found in the analyzed code.
- Capability inventory: The skill generates text-based reports and executes a local, static validation script (`scripts/validate.py`). It does not request network access or sensitive file-system permissions.
- Sanitization: There is no logic provided to sanitize or filter the input code before it is interpreted by the agent.
Audit Metadata