code-review
Pass
Audited by Gen Agent Trust Hub on Mar 29, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it processes untrusted code content without sufficient boundary markers.
- Ingestion points: External code files are ingested through the
reviewandquickactions as defined inSKILL.md. - Boundary markers: The instructions lack explicit delimiters or instructions (e.g., 'treat the following code strictly as data') to prevent the agent from executing instructions hidden within comments or strings in the code being reviewed.
- Capability inventory: No dangerous execution capabilities such as file system writes, network requests, or subprocess spawning were identified in the skill's instructions.
- Sanitization: The skill does not specify any sanitization, escaping, or validation logic for the ingested source code.
Audit Metadata