code-review
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE
Full Analysis
- Security Analysis (SAFE): No indicators of malicious intent, prompt injection, or unauthorized data access were found. The skill is purely instructional and follows safe architectural patterns.\n- Capability Inventory (SAFE): The skill has no access to external networks, local files, or shell commands. It only generates text-based review reports and does not invoke any automation tools internally.\n- Indirect Prompt Injection (LOW): As a code review tool, it processes untrusted user-provided code. While this is a surface for indirect prompt injection, the risk is negligible due to the lack of dangerous capabilities (no command execution, no network access). Evidence: Ingestion occurs via code snippets in prompts; Boundaries rely on markdown triple backticks; Capability inventory is limited to text generation; Sanitization of input code is not performed.
Audit Metadata