code-review

Pass

Audited by Gen Agent Trust Hub on Feb 16, 2026

Risk Level: LOW
Full Analysis
  • General Security (SAFE): The skill defines a rigorous process for code evaluation. It explicitly includes security checks in its checklist, such as verifying input validation, CORS configuration, and ensuring no secrets are present in the code.
  • Indirect Prompt Injection (LOW): The skill is designed to process external content (code and reviewer feedback). While this constitutes an ingestion surface for untrusted data, the skill itself does not define any executable tools, network operations, or file-system write capabilities. The risk is limited to the agent's reasoning behavior within the context of a code review.
  • Data Exposure (SAFE): The skill provides guidance on handling API keys (recommending parameters over environment variables for specific framework patterns). While debatable as a general security standard, it does not expose any credentials or sensitive system information.
Audit Metadata
  • Risk Level: LOW
  • Analyzed: Feb 16, 2026, 04:11 AM