review-coderule
Pass
Audited by Gen Agent Trust Hub on Feb 28, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [SAFE]: No malicious behavior detected. The skill is designed for local code analysis and does not use any remote services, external downloads, or privileged commands.
- [PROMPT_INJECTION]: Indirect prompt injection surface identified through the ingestion of untrusted code for review.
- Ingestion points: User-supplied source code files or modules (defined in SKILL.md).
- Boundary markers: Absent; there are no specified delimiters or instructions to ignore embedded prompts within the reviewed code.
- Capability inventory: Limited to reading a local standard file (/projectdocs/sample/code_standard.md) and generating a text-based report; no network, shell, or filesystem write capabilities found in SKILL.md.
- Sanitization: Absent; the skill analyzes the input code directly without filtering potential injection content.
Audit Metadata