code-review
Pass
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: LOWPROMPT_INJECTION
Full Analysis
- Indirect Prompt Injection (LOW): The skill is designed to analyze untrusted external data (source code) which could contain malicious instructions meant to influence the agent's reasoning.
- Ingestion points: File content is ingested via the
read_file,list_files, andsearch_filestools as specified in SKILL.md. - Boundary markers: The instructions lack explicit delimiters or 'ignore' instructions to separate the code being reviewed from the agent's internal logic.
- Capability inventory: The skill is strictly limited to read-only operations. It does not have access to tools for file modification, command execution, or network communication, which prevents an injection from causing persistent changes or exfiltrating data.
- Sanitization: No sanitization or validation of the ingested code is performed before analysis.
- Data Exposure (INFO): The skill has the capability to read any file the agent can access. While necessary for its function, users should ensure the agent's file system access is scoped to prevent it from reading sensitive configuration files or credentials outside the project context.
Audit Metadata