code-review-quality
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE
Full Analysis
- [Prompt Injection] (SAFE): The skill's instructions are task-oriented and do not contain bypass or override patterns.
- [Data Exposure & Exfiltration] (SAFE): No hardcoded credentials, sensitive file access, or suspicious network activity found.
- [Unverifiable Dependencies & Remote Code Execution] (SAFE): No remote script downloads or execution patterns detected; the skill uses internal framework task calls for analysis.
- [Indirect Prompt Injection] (LOW): The skill has a surface for indirect injection by processing untrusted PR data. 1. Ingestion points: prNumber and prFiles parameters. 2. Boundary markers: Not present in the prompt instructions. 3. Capability inventory: No file-write, network-send, or subprocess execution capabilities identified. 4. Sanitization: Not explicitly present. Risk is minimal as the scope is limited to code analysis and feedback generation.
Audit Metadata