security-reviewer
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE
Full Analysis
- [SAFE] (SAFE): The skill is purely instructional and provides high-quality guidance for security reviews.
- [CREDENTIALS_UNSAFE] (SAFE): While the file contains strings resembling API keys (e.g., 'sk-proj-xxxxx'), they are explicitly labeled as prohibited examples for the agent to detect in other code, not active credentials belonging to the skill itself.
- [DATA_EXFILTRATION] (SAFE): No network operations or external data transfer mechanisms are present in the skill instructions.
- [REMOTE_CODE_EXECUTION] (SAFE): The skill mentions packages like
zodand@solana/web3.jsand commands likenpm audit, but these are provided as best-practice examples for the user's codebase, not for autonomous execution by the agent. - [INDIRECT_PROMPT_INJECTION] (LOW): As a code reviewer, the skill naturally processes untrusted user-provided code. While this creates an ingestion surface, the skill includes explicit instructions for sanitization (e.g., using DOMPurify) and validation (Zod), which are defensive measures against injection.
Audit Metadata