code-review
Pass
Audited by Gen Agent Trust Hub on Mar 14, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill processes untrusted external code as input, which presents a surface for indirect prompt injection. A malicious actor could embed instructions within code comments or string literals to bypass security checks or influence the agent's final verdict.
- Ingestion points: Step 2 of the review process in
SKILL.mdrequires the agent to read each changed file fully. - Boundary markers: The instructions lack explicit delimiters or system-level warnings to distinguish the code being analyzed from the agent's core instructions.
- Capability inventory: The skill's capabilities are restricted to generating text-based review reports. It does not have access to the file system (beyond reading), network operations, or subprocess execution.
- Sanitization: No sanitization or validation logic is defined to filter or escape potential injection patterns within the ingested code.
Audit Metadata