code-review
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE
Full Analysis
- [Indirect Prompt Injection] (LOW): The skill is specifically designed to ingest and act upon data from external sources, such as third-party code review feedback, which is an inherent attack surface.
- Ingestion points: External review comments processed in
references/code-review-reception.md. - Boundary markers: The skill relies on cognitive protocols (skepticism, verification loops) rather than technical delimiters like XML tags or clear-text markers to separate reviewer input from system instructions.
- Capability inventory: The skill utilizes
gitCLI operations and theTasktool for subagent dispatch. - Sanitization: The 'Response Pattern' (READ → UNDERSTAND → VERIFY → EVALUATE) serves as a logical sanitization layer, instructing the agent to evaluate technical correctness before execution.
- [Prompt Injection] (SAFE): The skill contains strong, absolute instructional language (e.g., 'The Iron Law', 'Non-negotiable', 'If you lie, you'll be replaced'). These are identified as quality enforcement mechanisms for code-review rigor rather than attempts to override system safety or global constraints.
- [Command Execution] (SAFE): The skill encourages the use of standard development tools like
gitand linter/test execution. These are used for status verification as part of a developer-oriented workflow and do not involve shell injection or obfuscated commands.
Audit Metadata