code-review
Pass
Audited by Gen Agent Trust Hub on Mar 11, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: No malicious patterns or security vulnerabilities were detected during the analysis of the skill's instructions and commands.
- [COMMAND_EXECUTION]: The skill executes standard Rails analysis tools (
bin/brakeman,bin/bundler-audit,bundle exec rubocop) within the local environment. These commands are typical for the skill's stated purpose of auditing code quality and security and do not involve arbitrary or risky command injection. - [PROMPT_INJECTION]: The skill processes external code files, which creates a theoretical surface for indirect prompt injection. This is mitigated by the skill's explicit constraints requiring the agent to only read and analyze data without performing any code modifications (e.g., "You NEVER modify code — you only read, analyze, and report findings").
- Ingestion points: User-provided file or directory paths.
- Boundary markers: Explicit "NEVER modify code" instruction acting as a behavioral constraint.
- Capability inventory: Execution of static analysis tools and file reading.
- Sanitization: None explicitly defined for the code content being analyzed.
Audit Metadata