code-reviewer
Pass
Audited by Gen Agent Trust Hub on Feb 20, 2026
Risk Level: SAFE PROMPT_INJECTION COMMAND_EXECUTION
Full Analysis
- [Indirect Prompt Injection] (LOW): The skill processes external source code using `read_file`, creating a surface for indirect prompt injection.
  1. Ingestion points: Untrusted data enters via `read_file` and `grep_search` on target files.
  2. Boundary markers: Absent; there are no instructions for the agent to ignore commands embedded in the files.
  3. Capability inventory: `run_in_terminal` and `read_file`.
  4. Sanitization: Absent; the content is processed directly.
- [Command Execution] (SAFE): The skill utilizes `run_in_terminal` to execute `ruff` and `mypy`. These are standard, reputable static analysis tools. In this context, the commands are static and do not incorporate unvalidated user-provided input into the command line execution, which minimizes risk.
Audit Metadata