code-review
Pass
Audited by Gen Agent Trust Hub on Mar 1, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: No malicious patterns or security risks were identified. The skill is designed to perform code reviews using a restricted set of tools for reading files and git history.
- [COMMAND_EXECUTION]: Utilizes the Bash tool for specific git subcommands (diff, log, show, blame) to gather context for changes, which is appropriate for its stated purpose.
- [DATA_EXFILTRATION]: No unauthorized data exposure or exfiltration patterns were detected. All data access is local to the repository and no network operations are defined.
- [PROMPT_INJECTION]: The skill follows a structured analytical workflow and does not contain any instructions that attempt to override AI safety guidelines or bypass constraints. Analysis of indirect injection risk: Ingestion points include file reading (Read, Glob, Grep) and git history retrieval (Bash); Boundary markers are not explicitly defined; Capability inventory is limited to read-only filesystem and git operations; Sanitization of ingested code is not performed. Given the restricted toolset and the analytical nature of the output, the indirect injection surface is assessed as safe.
Audit Metadata