ai-generated-ut-code-review
Pass
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: LOWPROMPT_INJECTIONNO_CODE
Full Analysis
- [Indirect Prompt Injection] (LOW): The skill is designed to process untrusted external data (unit test code and coverage reports), which creates an attack surface where malicious instructions could be embedded in the code to influence the agent's scoring or risk assessment. Evidence Chain: (1) Ingestion points: Source code and coverage data provided for review. (2) Boundary markers: None defined to isolate instructions from data. (3) Capability inventory: Logic and reasoning for scoring; no active write/execute capabilities detected. (4) Sanitization: No input validation or filtering is specified.
- [No Code] (INFO): The skill contains only instructional text and lacks any executable code (Python, Node.js, or Shell) or dependency manifests, which significantly limits its immediate threat profile.
Audit Metadata