code-review
Pass
Audited by Gen Agent Trust Hub on Feb 27, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill serves as a knowledge base and procedural guide for code inspection. It includes intentional examples of insecure code, such as XSS patterns and hardcoded credential placeholders, to teach the agent what vulnerabilities to look for in user code; these are diagnostic references and not executable commands.
- [SAFE]: While the skill configuration allows the use of the Bash tool, the provided instructions do not contain any automated or malicious shell scripts. The tool is intended for the agent to use during its analysis of the project's structure and code.
- [SAFE]: No evidence of data exfiltration, credential harvesting, or unauthorized network activity was found. All external URLs provided in the documentation refer to legitimate development and security resources like OWASP and WCAG guidelines.
- [SAFE]: The skill's primary function is to analyze user-provided code snippets. While this represents a potential surface for indirect prompt injection, the skill's instructions specifically focus on identifying and neutralizing security risks, which acts as a conceptual safeguard.
Audit Metadata