code-review-excellence
Pass
Audited by Gen Agent Trust Hub on May 30, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill presents an indirect prompt injection surface due to its core function of analyzing untrusted code and its permissions to execute shell commands.
- Ingestion points: As specified in
SKILL.md, the agent uses theRead,Grep, andGlobtools to ingest and analyze source code from external repositories or pull requests. - Boundary markers: Absent. The skill instructions do not require the agent to use XML tags, markdown delimiters, or other boundary markers to isolate the untrusted code being reviewed from its internal instructions.
- Capability inventory: The skill allows the use of the
Bashtool to run linting, building, and testing commands, which could be exploited if malicious code being reviewed triggers dangerous shell behavior (e.g., via a malicious Makefile). - Sanitization: No sanitization or validation of the ingested code content is performed by the skill's instructions.
- [SAFE]: No malicious patterns, obfuscation, or data exfiltration attempts were detected in the skill's documentation, instructions, or the
scripts/pr-analyzer.pyPython utility.
Audit Metadata