code-review
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE, PROMPT_INJECTION, COMMAND_EXECUTION
Full Analysis
- [Prompt Injection] (LOW): The skill contains explicit instructions to override the agent's default behavior of 'performative agreement' (e.g., 'You're absolutely right!'). These constraints are intended to improve software quality but represent a behavioral override of the base model's typical interaction style.
- [Indirect Prompt Injection] (LOW): The skill processes feedback from external reviewers, creating a vulnerability surface where malicious instructions could be embedded in review comments.
  - Ingestion points: Feedback reception protocols described in SKILL.md and references/code-review-reception.md.
  - Boundary markers: The skill relies on a logical evaluation workflow rather than technical delimiters to isolate untrusted input.
  - Capability inventory: The agent can execute shell commands (git, tests, builds) and dispatch subagents via the 'Task tool'.
  - Sanitization: The protocol explicitly mandates technical skepticism and verification of all external suggestions before any implementation occurs.
- [Command Execution] (SAFE): The skill utilizes shell commands (git rev-parse, test runners, build systems) solely for their intended purposes of version control and work verification.
Audit Metadata