agent-native-reviewer
Pass
Audited by Gen Agent Trust Hub on Apr 4, 2026
Risk Level: SAFE
Full Analysis
- [PROMPT_INJECTION]: No instructions were found that attempt to bypass safety filters, override system instructions, or extract system prompts.
- [DATA_EXFILTRATION]: No network operations, hardcoded credentials, or access to sensitive local files (like .ssh or .aws) were detected. The skill's scope is limited to the user's codebase.
- [REMOTE_CODE_EXECUTION]: The skill does not perform external downloads or execute remote scripts. It uses standard search utilities to analyze static code.
- [COMMAND_EXECUTION]: The skill uses Bash for grep-based searching. The commands are scoped to finding UI patterns (e.g., onClick) and tool definitions, which aligns with the stated purpose of code review.
- [OBFUSCATION]: No base64 encoding, zero-width characters, or homoglyph-based obfuscation were found in the instructions or metadata.
- [INDIRECT_PROMPT_INJECTION]: While the skill ingests untrusted data (source code), it does not execute this data or use it to perform high-risk actions. The instructions focus on mapping and reporting capabilities, minimizing the risk of indirect injection.
Audit Metadata