role-reviewer
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE
Full Analysis
- Prompt Injection (SAFE): No malicious override or bypass instructions were detected. The role-play instruction is used legitimately for defining a persona.
- Data Exposure & Exfiltration (SAFE): No hardcoded credentials, sensitive file paths, or network operations are present in the skill.
- Obfuscation (SAFE): The content is clear markdown with no hidden characters, encoding, or homoglyphs.
- Unverifiable Dependencies & Remote Code Execution (SAFE): The skill does not install any packages or download/execute remote scripts.
- Indirect Prompt Injection (LOW):
- Ingestion points: The skill is designed to process and review user-provided code as mentioned in the 'Workflow' section.
- Boundary markers: There are no explicit delimiters or instructions to ignore embedded instructions within the code being reviewed.
- Capability inventory: The skill has no capabilities to execute commands, write files, or access the network.
- Sanitization: No sanitization logic is provided for the input code.
- Conclusion: While the skill processes untrusted data, the lack of dangerous capabilities mitigates the risk to a negligible level.
Audit Metadata