react-code-review-patterns
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: LOWSAFE
Full Analysis
- [Indirect Prompt Injection] (LOW): The skill is designed to ingest and analyze untrusted external content (React/TypeScript source code).
- Ingestion points: Code provided to the agent for review based on the checklists in
SKILL.md. - Boundary markers: None specified in the instructions to separate code from reviewer instructions.
- Capability inventory: The skill itself contains only markdown checklists and does not define subprocess calls or file-write capabilities.
- Sanitization: No mention of sanitizing or escaping code comments that might contain instructions targeting the AI agent (e.g., instructions in comments intended to mislead the reviewer).
- [Prompt Injection] (SAFE): No instructions found that attempt to override system prompts, bypass safety filters, or extract system-level instructions.
- [Data Exposure & Exfiltration] (SAFE): No hardcoded credentials (API keys, tokens), sensitive file path access, or unauthorized network operations detected.
- [External Downloads] (SAFE): No remote scripts are downloaded or executed, and no unverified third-party dependencies are requested.
- [Obfuscation] (SAFE): No encoded content, zero-width characters, or homoglyphs were found.
Audit Metadata