code-review-amplifier
Pass
Audited by Gen Agent Trust Hub on Mar 20, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill processes untrusted external data (user-provided code and pull request diffs), which represents an indirect prompt injection surface.
- Ingestion points: The skill ingests user-provided code snippets and repository documentation files such as ARCHITECTURE.md as described in Phase 1.
- Boundary markers: No explicit delimiters or instructions to ignore embedded commands are used to separate the analyzed code from the agent's instructions.
- Capability inventory: The skill's operations are limited to generating structured text output; it does not utilize any tools for file system modification, network communication, or command execution.
- Sanitization: There is no evidence of escaping, validation, or filtering of the external code content before it is processed by the agent.
Audit Metadata