code-review
Pass
Audited by Gen Agent Trust Hub on Feb 21, 2026
Risk Level: SAFEPROMPT_INJECTIONNO_CODE
Full Analysis
- [PROMPT_INJECTION] (LOW): Indirect Prompt Injection surface detected. The skill is designed to ingest and process untrusted data (pull requests, diffs, and commit messages) which could contain embedded instructions designed to manipulate the agent's review output.
- Ingestion points:
SKILL.md(Required Inputs: Changed code scope). - Boundary markers: Absent; the prompt does not specify delimiters to separate untrusted code from the agent's instructions.
- Capability inventory: No dangerous capabilities (subprocess execution, network requests, or file-system modifications) are identified within the skill's instructions or referenced files.
- Sanitization: No sanitization or filtering logic for the input data is described.
- [NO_CODE] (SAFE): The skill consists entirely of Markdown instructions and checklists. It does not include any Python scripts, Node.js packages, shell scripts, or binaries, significantly reducing the attack surface for traditional code execution.
Audit Metadata