code-reviewer
Pass
Audited by Gen Agent Trust Hub on Feb 26, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill exhibits a surface for indirect prompt injection because it is designed to analyze untrusted external data (source code) while having access to sensitive tools.\n
- Ingestion points: The agent is instructed to review code and PRs, utilizing the 'Read', 'Grep', and 'Glob' tools to ingest external content (SKILL.md).\n
- Boundary markers: Absent. The skill provides no instructions to the agent on how to distinguish between its own system-level instructions and potentially malicious instructions embedded in the code being reviewed.\n
- Capability inventory: The skill allows access to 'Bash', 'Read', 'Write', 'Grep', and 'Glob', enabling significant system interaction and file modification capabilities if the agent is subverted.\n
- Sanitization: No sanitization, validation, or filtering of the ingested code content is specified in the instructions.
Audit Metadata