skills/ssiumha/dots/review-security/Gen Agent Trust Hub

review-security

Pass

Audited by Gen Agent Trust Hub on Feb 21, 2026

Risk Level: SAFE (findings: PROMPT_INJECTION, NO_CODE)
Full Analysis
  • Indirect Prompt Injection (LOW): The skill's core workflow involves reading and analyzing potentially untrusted code files. This presents a surface for indirect prompt injection, where an attacker could embed malicious instructions within code comments or string literals to influence the agent's review verdict or report content.
    • Ingestion points: Source code content retrieved via git diff or file system globbing.
    • Boundary markers: None specified in the instructions to prevent the agent from interpreting instructions within the analyzed files.
    • Capability inventory: Reading local files, generating markdown reports, and suggesting the execution of external security tools.
    • Sanitization: No sanitization or escaping of ingested code content is performed before the agent processes it.
  • External Downloads (SAFE): The skill references reputable security tools (Semgrep, Gitleaks, Bandit, etc.) and provides installation instructions from trusted sources like PyPI and GitHub. These references are appropriate for the skill's primary purpose and do not constitute a security risk.
  • No Code (SAFE): The skill consists entirely of markdown resource files and instructions, with no executable scripts or binaries included, which limits its direct attack surface to prompt-based interactions.
Audit Metadata
Risk Level
SAFE
Analyzed
Feb 21, 2026, 03:27 PM