code-review
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE
Tags: COMMAND_EXECUTION, PROMPT_INJECTION, NO_CODE
Full Analysis
- Indirect Prompt Injection (LOW): The skill processes untrusted external code files which may contain instructions designed to manipulate the agent's behavior. 1. Ingestion points: the Usage section specifies reading and reviewing files such as `src/auth.ts` or the output of `git diff`. 2. Boundary markers: absent; the instructions do not provide delimiters or warnings to ignore instructions embedded within the code being reviewed. 3. Capability inventory: the agent is instructed to execute shell commands (`npm test`, `npm run build`, `cargo build`) based on the project's configuration. 4. Sanitization: absent.
- Command Execution (LOW): The skill directs the agent to execute shell commands that are typically defined within the untrusted project under review (e.g., scripts in `package.json`). Evidence: Section 4 'QA Checks' instructs the agent to run `npm run lint`, `npm run typecheck`, `npm test`, and `npm run build`. While these are standard for code reviews, they can execute arbitrary code if the repository is malicious. Severity is adjusted to LOW as these actions are fundamental to the skill's primary purpose.
- Metadata (SAFE): The skill metadata accurately reflects its functionality and contains no deceptive instructions.
Audit Metadata