code-review
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE
Findings: PROMPT_INJECTION, NO_CODE
Full Analysis
- Indirect Prompt Injection (LOW): The skill is designed to ingest and process untrusted data from external sources like pull requests and source files, which creates a surface for indirect prompt injection.
- Ingestion points: The skill instructions specify reading PR descriptions and files using the Read, Grep, and Glob tools (SKILL.md).
- Boundary markers: No explicit delimiters or instructions are provided to isolate untrusted content or warn the agent to ignore embedded instructions within that content.
- Capability inventory: The agent is limited to read-only tools (Read, Grep, Glob) across all instructions; it has no access to subprocess execution, file-writing, or network operations.
- Sanitization: No sanitization, escaping, or validation steps for external content are defined in the instructions.
- No Code (SAFE): This skill contains no executable scripts, binaries, or configuration files; it consists entirely of instructional markdown and code examples for human/AI reference.
Audit Metadata