java-code-review
Pass
Audited by Gen Agent Trust Hub on Feb 22, 2026
Risk Level: SAFE
Full Analysis
- [SAFE] (SAFE): The skill consists of instructional markdown and reference guides for code analysis. No malicious patterns, such as prompt injection, data exfiltration, or obfuscation, were found.
- [Indirect Prompt Injection] (SAFE): While the skill processes untrusted Java source code and build files, which is a surface for indirect prompt injection, the impact is negligible as the skill lacks capabilities for network communication or code execution. 1. Ingestion points: .java files and build configurations (pom.xml, build.gradle) via local filesystem access. 2. Boundary markers: No explicit delimiters or sanitization instructions for provided code are defined. 3. Capability inventory: Restricted to filesystem read operations; no write, network, or execution capabilities are invoked by the skill instructions. 4. Sanitization: None. The primary risk is limited to the agent producing a biased or incorrect review report if the source code contains adversarial comments.
Audit Metadata