code-review
Pass
Audited by Gen Agent Trust Hub on Mar 8, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it processes untrusted code provided as arguments while maintaining access to powerful system tools.\n
- Ingestion points: The skill processes contents of files, directories, and pull requests via user-provided arguments defined in SKILL.md.\n
- Boundary markers: There are no markers or system instructions defined to prevent the agent from executing instructions embedded in the code being analyzed.\n
- Capability inventory: The skill has access to Bash, Read, Grep, and LSP tools, which could be exploited through malicious instructions in the input data.\n
- Sanitization: No validation or sanitization of the input source code is performed by the skill logic before processing.
Audit Metadata