code-review
Pass
Audited by Gen Agent Trust Hub on Mar 6, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [INDIRECT_PROMPT_INJECTION]: The skill exhibits an attack surface for indirect prompt injection due to its core functionality of reading and analyzing untrusted external content.
- Ingestion points: The skill utilizes
Read,Grep, andGlobtools to ingest and process external source code and pull request data (SKILL.md). - Boundary markers: There are no specific instructions or delimiters defined to prevent the agent from following instructions that might be embedded within comments, documentation, or string literals in the code being reviewed.
- Capability inventory: The skill is limited to read-only file operations (
Read,Grep,Glob) and does not possess capabilities for file writing, network communication, or arbitrary command execution. - Sanitization: No sanitization or filtering mechanisms are implemented to distinguish between code-under-review and potential instructions embedded within that code.
Audit Metadata