review-changes-java
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE, NO_CODE, PROMPT_INJECTION
Full Analysis
- Indirect Prompt Injection (LOW): The skill is intended to process and analyze untrusted external code diffs.
  - Ingestion points: Processes Pull Requests, commits, and diffs.
  - Boundary markers: Absent; there are no instructions for the agent to distinguish between code logic and potential natural language instructions embedded in code comments.
  - Capability inventory: No code-execution capabilities are included in this skill; it relies on the host agent's native tools.
  - Sanitization: None; the skill does not instruct the agent to sanitize or ignore instructions found within the reviewed data.
- No Executable Code (SAFE): The skill is entirely composed of Markdown instructions and YAML metadata, posing no direct execution risk.