code-reviewer
Pass
Audited by Gen Agent Trust Hub on Feb 26, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill presents an indirect prompt injection surface as it is specifically designed to ingest and process untrusted external data.
- Ingestion points: The skill requests access to user-provided code, related files, dependencies, and commit messages during the review process (e.g., in the 'Understand Context' section).
- Boundary markers: No explicit delimiters (like XML tags) or instructions to ignore embedded commands are used to isolate the data being reviewed from the agent's core instructions.
- Capability inventory: The skill utilizes the
memory_storefunction to persist data and is directed to read arbitrary project files and dependencies to gather context. - Sanitization: There is no evidence of sanitization, validation, or specific escaping mechanisms applied to the code or data before it is processed by the agent.
Audit Metadata