code-reviewer
Pass
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: LOW
PROMPT_INJECTION
NO_CODE
Full Analysis
- Indirect Prompt Injection (LOW): The skill is designed to ingest and analyze untrusted external code, creating an attack surface for indirect prompt injection.
- Ingestion points: The Workflow in SKILL.md specifies reading and understanding user-provided code for review purposes.
- Boundary markers: Absent; the instructions do not define delimiters or warnings to ignore embedded instructions within the code being analyzed.
- Capability inventory: Display-only; the skill is restricted to generating text-based assessments and has no capabilities for file-system modification, network access, or command execution.
- Sanitization: Absent; there is no logic defined to sanitize or filter the content of the ingested code before processing.
Audit Metadata