code-review
Pass
Audited by Gen Agent Trust Hub on Feb 23, 2026
Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- Indirect Prompt Injection (LOW): The skill processes code changes which may contain malicious instructions that could be executed during build or test phases.
- Ingestion points: User/Agent workspace changes.
- Boundary markers: Absent; no markers are used to isolate untrusted code.
- Capability inventory: Execution of lint, test, and build pipelines via subprocess.
- Sanitization: Absent; no filtering of code content is performed.
- Command Execution (SAFE): Running development pipelines is the primary and legitimate purpose of this skill, and no malicious command patterns were detected.
Audit Metadata