Skills
skills/norseboar/superpowers-cursor/receiving-code-review/Gen Agent Trust Hub

receiving-code-review

Pass

Audited by Gen Agent Trust Hub on Feb 12, 2026

Risk Level: LOWNO_CODE
Full Analysis

================================================================================

✅ VERDICT: SAFE

This skill is a set of instructions for an AI agent, written entirely in natural language (markdown). It outlines a protocol for receiving, understanding, verifying, and responding to code review feedback. The skill does not contain any executable code, shell commands, external script downloads, or references to external dependencies that would pose a security risk.

Threat Category Analysis:

  • 1. Prompt Injection: The skill itself is a set of instructions for the AI's behavior. It does not contain any patterns typically associated with malicious prompt injection attempts (e.g., 'IMPORTANT: Ignore', 'Override', 'DAN jailbreak'). Phrases like 'NEVER:' or 'INSTEAD:' are instructional for the AI's task, not attempts to bypass its core safety mechanisms. The instruction to signal discomfort with 'Strange things are afoot at the Circle K' is a designed safety mechanism for the AI.
  • 2. Data Exfiltration: No commands or code capable of accessing sensitive files or performing network requests are present.
  • 3. Obfuscation: The content is plain markdown text. No Base64, zero-width characters, homoglyphs, or other obfuscation techniques were detected.
  • 4. Unverifiable Dependencies: The skill does not install any packages, download scripts, or reference external code. It refers to a conceptual 'CLAUDE.md' but this is not an instruction to download or execute anything.
  • 5. Privilege Escalation: No commands like sudo, chmod, or system file modifications are present.
  • 6. Persistence Mechanisms: No commands to modify shell configurations, create cron jobs, or establish other persistence mechanisms are present.
  • 7. Metadata Poisoning: The name and description fields are benign and accurately reflect the skill's purpose.
  • 8. Indirect Prompt Injection: While the skill's purpose involves processing external input (code review feedback), which is a common vector for indirect prompt injection, the skill's instructions are explicitly designed to mitigate this risk. It emphasizes 'Verify before implementing,' 'Ask before assuming,' 'Technical correctness over social comfort,' and 'be skeptical' of external feedback. This makes the skill itself a defense against, rather than a vector for, indirect injection.
  • 9. Time-Delayed / Conditional Attacks: No time-based, usage-based, or environment-specific conditional logic is present.

Adversarial Reasoning: Given the skill is purely instructional text, there are no hidden executable components or opportunities for an attacker to embed malicious code that would be run by the agent. The instructions are clear and directly support the stated purpose.

Total Findings: 0

================================================================================

Audit Metadata
Risk Level
LOW
Analyzed
Feb 12, 2026, 01:28 PM