code-review
Pass
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: LOWPROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION] (LOW): Vulnerability to Indirect Prompt Injection. The skill's primary function is to analyze untrusted external code, creating an attack surface where embedded instructions could override the agent's behavior. * Ingestion points: User-provided code snippets and files as specified in the 'When to Apply' section of code-review/SKILL.md and 使用说明.md. * Boundary markers: Absent. The instructions do not define specific delimiters to isolate the code being analyzed from the agent's system instructions. * Capability inventory: Limited to text analysis, reasoning, and generating structured markdown reports. No file-system write access, shell execution, or network capabilities are defined within the skill files. * Sanitization: Absent. There is no guidance or logic included to filter, escape, or sanitize malicious instructions hidden within the code provided for review.
Audit Metadata