code-review-expert
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE
Full Analysis
- PROMPT_INJECTION (SAFE): The instructions are focused on providing structured code reviews. No bypass markers, 'ignore previous instructions', or system prompt extraction patterns were found. The skill maintains a 'review-first' posture.
- DATA_EXFILTRATION (SAFE): While the skill accesses the codebase via git and search tools, it does so to fulfill its stated purpose of code review. There are no network operations targeting external domains or attempts to access sensitive system files like SSH keys or AWS credentials.
- OBFUSCATION (SAFE): No Base64, zero-width characters, homoglyphs, or hex/URL encoding were detected in the instructions or metadata.
- REMOTE_CODE_EXECUTION (SAFE): The skill does not attempt to download external scripts or execute code from remote URLs. It relies on locally available tools (git, rg, grep).
- INDIRECT_PROMPT_INJECTION (LOW): As a code review tool, the skill naturally processes untrusted data (code diffs). While an attacker could embed malicious instructions in code comments within a PR to influence the agent's review, the skill's structured workflow and requirement for human confirmation before applying fixes mitigate the impact. This is an inherent risk of the use-case rather than a malicious feature of the skill.
- PRIVILEGE_ESCALATION (SAFE): No use of sudo, administrative commands, or attempts to modify system-level permissions were found.
- PERSISTENCE (SAFE): No attempts to modify shell profiles, cron jobs, or startup services were detected.
Audit Metadata