qe-sherlock-review

Pass

Audited by Gen Agent Trust Hub on Feb 27, 2026

Risk Level: SAFE
Full Analysis
  • [SAFE]: The skill promotes a defensive and skeptical posture for code analysis, requiring empirical verification of all claims. No patterns of prompt injection, data exfiltration, or obfuscation were detected.
  • [COMMAND_EXECUTION]: The skill provides templates and examples for executing standard development commands such as git diff, git log, and npm test. These are appropriate for the skill's primary purpose of code investigation and do not involve shell piping of remote resources.
  • [PROMPT_INJECTION]: The skill processes untrusted external data (Pull Request descriptions and source code), which is an inherent risk for indirect prompt injection. However, the instruction to 'Trust only reproducible evidence' and focus on 'Deductive Analysis' serves as a functional mitigation against adversarial content in the reviewed data.
Audit Metadata
Risk Level: SAFE
Analyzed: Feb 27, 2026, 06:09 PM