code-review
Pass
Audited by Gen Agent Trust Hub on Feb 20, 2026
Risk Level: SAFE
PROMPT_INJECTION
Full Analysis
- [Indirect Prompt Injection] (LOW): The skill ingests untrusted source code which can be used as a vector for indirect prompt injection.
  1. Ingestion points: Content from 'git diff --cached', the 'src/' directory, and user-specified files.
  2. Boundary markers: The skill does not define clear boundaries or 'ignore' instructions for the content it reviews.
  3. Capability inventory: Accesses local source files and writes a report to '.local/code-review.md'.
  4. Sanitization: No sanitization is performed on the code prior to analysis.
- [Safe Operation] (SAFE): The skill's primary functions—reading package.json, scanning source code, and generating reports—are legitimate and restricted to the local workspace with no detected network exfiltration or obfuscation.
Audit Metadata