qe-code-review-quality
Pass
Audited by Gen Agent Trust Hub on Feb 27, 2026
Risk Level: SAFE NO_CODE
Full Analysis
- [NO_CODE]: The skill is composed entirely of Markdown and contains no scripts, Python packages, or executable code.
- [PROMPT_INJECTION]: The skill describes a workflow that processes untrusted external code, creating an inherent surface for indirect prompt injection. Evidence:
  1. Ingestion points: The skill is designed to process pull request data such as 'prFiles' and 'changedFiles'.
  2. Boundary markers: No explicit delimiters or ignore-instructions are present in the provided templates.
  3. Capability inventory: The skill coordinates multiple agents (e.g., 'qe-security-scanner') and manages memory namespaces.
  4. Sanitization: No sanitization logic is described in the guidelines.
  This risk is inherent to the skill's purpose.
- [SAFE]: No signs of obfuscation, credential exfiltration, or unauthorized network operations were found.
Audit Metadata