code-reviewer
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE
Full Analysis
- [Prompt Injection] (SAFE): No malicious instructions, bypass attempts, or safety filter overrides found in the skill body or reference files.
- [Data Exposure & Exfiltration] (SAFE): Scripts only perform local path existence validation and basic metadata reporting. No network operations, hardcoded credentials, or access to sensitive local files (e.g., SSH keys, AWS config) were detected.
- [Unverifiable Dependencies] (SAFE): While the documentation mentions installing dependencies via npm or pip, no actual package manifest files were included for analysis. The provided script logic is purely boilerplate and performs no execution of external modules.
- [Indirect Prompt Injection] (SAFE): The skill is designed to ingest and analyze external code (untrusted data). However, the scripts currently lack any high-risk capabilities, such as dynamic code execution (eval/exec), system-level command injection points, or network exfiltration sinks, that could be exploited via malicious inputs.
Audit Metadata