review
Pass
Audited by Gen Agent Trust Hub on Mar 12, 2026
Risk Level: SAFEPROMPT_INJECTIONNO_CODE
Full Analysis
- [SAFE]: The skill instructions are focused on legitimate code review, quality assurance, and security auditing tasks. No malicious behavior or suspicious logic was found.
- [PROMPT_INJECTION]: The skill possesses an indirect prompt injection surface as it is designed to ingest and process untrusted code from external files. 1. Ingestion points: The skill uses the Read, Glob, and Grep tools to access codebase files for review. 2. Boundary markers: The instructions do not specify explicit delimiters to separate system instructions from the content being reviewed. 3. Capability inventory: The skill is authorized to use the Bash tool, which allows for shell command execution. 4. Sanitization: No specific routines for sanitizing or validating input code content are described. This surface is necessary for the skill's primary function and is assessed as SAFE.
- [NO_CODE]: The skill contains only instructional text and metadata within the SKILL.md file and does not include any executable scripts or binary files.
Audit Metadata