Review Changes
Pass
Audited by Gen Agent Trust Hub on Apr 19, 2026
Risk Level: SAFEPROMPT_INJECTIONNO_CODE
Full Analysis
- [PROMPT_INJECTION]: The skill processes code changes from external files, creating an indirect prompt injection surface where malicious content in the code could attempt to influence the agent's review results.
- Ingestion points: Tools such as detect_changes and query_graph ingest external code into the context (SKILL.md).
- Boundary markers: No explicit markers or instructions to ignore embedded instructions are provided.
- Capability inventory: The skill uses read-only analysis tools, which significantly limits the potential impact of any successful injection.
- Sanitization: No sanitization or validation of the ingested code is mentioned in the instructions.
- [NO_CODE]: This skill contains no executable scripts or system configurations, consisting entirely of markdown-based instructions for the AI agent.
Audit Metadata