codereview-correctness
Pass
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: LOW
NO_CODE
Full Analysis
- [NO_CODE] (SAFE): The skill consists exclusively of instructional markdown content within SKILL.md. There are no Python, Node.js, or shell scripts associated with this skill, precluding any direct code execution risks.
- [PROMPT_INJECTION] (SAFE): The provided instructions are focused on software engineering best practices and do not contain any patterns intended to bypass AI safety filters or override system-level instructions.
- [INDIRECT_PROMPT_INJECTION] (INFO): The skill is designed to analyze external, untrusted code provided by users, which creates an inherent attack surface.
  - Evidence:
    1. Ingestion points: Code snippets or files provided for review.
    2. Boundary markers: Absent.
    3. Capability inventory: None (no file-write, network, or subprocess capabilities).
    4. Sanitization: Absent.
  - Risk Assessment: The severity is categorized as INFO because the skill has no side-effect capabilities; it only generates descriptive analysis for the user.
- [DATA_EXFILTRATION] (SAFE): No patterns were identified for accessing sensitive files (such as credentials or SSH keys) or performing unauthorized network operations.