code-reviewer
Warn
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: MEDIUM
PROMPT_INJECTION
Full Analysis
- [Indirect Prompt Injection] (MEDIUM): The skill is highly susceptible to Indirect Prompt Injection (Category 8) due to its core function of processing external, attacker-controllable content.
  - Ingestion points: As defined in the 'Interaction Protocol' of SKILL.md, the skill ingests 'Code diff or PR reference' and 'linked requirement/ticket'.
  - Boundary markers: The instructions do not specify the use of delimiters or provide instructions for the agent to ignore any natural language commands found within the code diffs.
  - Capability inventory: Although these specific files do not define tool calls, the skill's output is intended to guide merging decisions and downstream validation by a 'qa-test-engineer'.
  - Sanitization: There is no evidence of sanitization or escaping mechanisms for the ingested data, allowing embedded instructions in code comments or PR descriptions to potentially influence the reviewer's behavior.