code-review-excellence

Pass

Audited by Gen Agent Trust Hub on May 30, 2026

Risk Level: SAFEPROMPT_INJECTION
Full Analysis
  • [PROMPT_INJECTION]: The skill presents an indirect prompt injection surface due to its core function of analyzing untrusted code and its permissions to execute shell commands.
  • Ingestion points: As specified in SKILL.md, the agent uses the Read, Grep, and Glob tools to ingest and analyze source code from external repositories or pull requests.
  • Boundary markers: Absent. The skill instructions do not require the agent to use XML tags, markdown delimiters, or other boundary markers to isolate the untrusted code being reviewed from its internal instructions.
  • Capability inventory: The skill allows the use of the Bash tool to run linting, building, and testing commands, which could be exploited if malicious code being reviewed triggers dangerous shell behavior (e.g., via a malicious Makefile).
  • Sanitization: No sanitization or validation of the ingested code content is performed by the skill's instructions.
  • [SAFE]: No malicious patterns, obfuscation, or data exfiltration attempts were detected in the skill's documentation, instructions, or the scripts/pr-analyzer.py Python utility.
Audit Metadata
Risk Level
SAFE
Analyzed
May 30, 2026, 01:08 PM
Security Audit — agent-trust-hub — code-review-excellence