code-review
Warn
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: MEDIUM (PROMPT_INJECTION)
Full Analysis
- PROMPT_INJECTION (MEDIUM): High potential for Indirect Prompt Injection. The skill is designed to ingest and analyze untrusted source code and pull request descriptions without using boundary markers or sanitization logic.
- Ingestion points: Untrusted content enters the agent context through variables such as '{ files/areas under review }' and '{ specific concerns }' in SKILL.md.
- Boundary markers: Absent. The instructions do not mandate the use of delimiters (such as XML tags or unique code blocks) to isolate external data from the skill's operational logic.
- Capability inventory: The skill has significant influence over agent reasoning and downstream actions through its 'Recommendation' output (e.g., 'ship / fix blockers / needs rework').
- Sanitization: Absent. There is no guidance to the agent to ignore or filter embedded instructions within code comments or PR descriptions that might attempt to override the review checklist.
Audit Metadata