code-review

Pass

Audited by Gen Agent Trust Hub on Jun 27, 2026

Risk Level: SAFE
Full Analysis
  • [SAFE]: No security issues were detected in the skill's instructions or metadata.
  • [PROMPT_INJECTION]: The instructions are designed to guide the agent through a logical review process and do not include techniques to bypass safety guardrails or ignore system instructions.
  • [DATA_EXFILTRATION]: There are no patterns involving the access of sensitive files (e.g., credentials, SSH keys) or the transmission of data to external servers.
  • [EXTERNAL_DOWNLOADS]: References to external tools such as reviewdog and Danger JS, as well as GitHub and GitLab documentation, are for informational purposes and target well-known, trusted platforms.
  • [COMMAND_EXECUTION]: Although the skill configuration allows the use of shell tools, the instructions do not execute any commands or dynamically generate shell scripts from user input.
  • [INDIRECT_PROMPT_INJECTION]: While the skill processes untrusted code diffs, it does not provide an automated execution path for instructions embedded within that data, and its focus on critical evaluation mitigates standard injection risks.
Audit Metadata
Risk Level
SAFE
Analyzed
Jun 27, 2026, 04:58 AM
Security Audit — agent-trust-hub — code-review