Skills
skills/avandarlabs/avandar-agent-skills/avandar-code-review/Gen Agent Trust Hub

avandar-code-review

Pass

Audited by Gen Agent Trust Hub on Jun 13, 2026

Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill directs the agent to use shell commands including git, grep, awk, find, and pnpm test to perform branch comparisons, search for code pattern violations, and execute targeted test suites.
  • [PROMPT_INJECTION]: Indirect Prompt Injection Surface. The skill ingests untrusted code and documentation from the repository under review, which could contain adversarial instructions intended to influence the agent's behavior.
  • Ingestion points: git diff output, source code files (.ts, .tsx, .sql, .module.css), and repo-local checklists in docs/code-reviews/extra-checklist.md.
  • Boundary markers: None identified; the skill processes untrusted code content without explicit delimiters or instructions to ignore embedded directives.
  • Capability inventory: The agent can modify source code in Auto mode, execute shell commands, and persistently update its own checklist documentation based on input.
  • Sanitization: No sanitization or validation of the untrusted content is performed before it is processed by the agent.
Audit Metadata
Risk Level
SAFE
Analyzed
Jun 13, 2026, 02:34 AM
Security Audit — agent-trust-hub — avandar-code-review