julik-frontend-races-reviewer
Pass
Audited by Gen Agent Trust Hub on Mar 3, 2026
Risk Level: SAFE
Full Analysis
- [PROMPT_INJECTION]: The skill uses role-play to establish a persona ('Julik') but does not contain instructions to bypass safety filters, ignore prior rules, or extract system prompts.
- [DATA_EXFILTRATION]: No network operations (curl, fetch) or access to sensitive file paths (~/.ssh, .env) were identified. The skill operates purely as a code analysis tool.
- [REMOTE_CODE_EXECUTION]: The skill does not download or execute external scripts. It explicitly discourages the use of unnecessary dependencies.
- [COMMAND_EXECUTION]: There are no subprocess calls or system command executions. The code snippets provided are for the user's reference and are not executed by the agent.
- [CREDENTIALS_UNSAFE]: No hardcoded secrets, API keys, or private tokens were found in the skill body or metadata.
- [INDIRECT_PROMPT_INJECTION]: While the skill processes untrusted user code as part of its review function, it lacks the dangerous capabilities (file writing, network access, or command execution) required to exploit this attack surface.
Audit Metadata