receiving-code-review
Pass
Audited by Gen Agent Trust Hub on Apr 8, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: No malicious patterns or security threats were detected. The skill defines a protocol for technical rigor during code reviews.
- [PROMPT_INJECTION]: The skill uses strong instructional language and behavioral constraints (e.g., forbidding performative agreement like 'You're absolutely right!') to ensure technical correctness during interactions. These are benign workflow instructions rather than a malicious injection.
- [SAFE]: The skill processes untrusted external feedback, which is an indirect prompt injection surface. It mitigates this risk through a mandatory verification loop.
  - Ingestion points: external code review comments from human partners or third-party reviewers.
  - Boundary markers: separate handling logic for trusted versus external sources.
  - Capability inventory: uses 'gh api' for GitHub responses and 'grep' for codebase searching.
  - Sanitization: requires technical verification against the existing codebase and tests before implementation.
Audit Metadata