performing-multi-agent-code-review

Pass

Audited by Gen Agent Trust Hub on May 18, 2026

Risk Level: SAFE
Full Analysis
  • [PROMPT_INJECTION]: The skill proactively mitigates Indirect Prompt Injection (CWE-1427) by requiring subagents to use an 'Untrusted Input Boundary'. This directive ensures that any instructions or overrides found within code diffs or PR metadata are treated as data for analysis rather than executable instructions. Ingestion occurs via git diffs and PR titles/descriptions, and the skill provides clear boundary markers to isolate this content.
  • [DATA_EXFILTRATION]: The skill implements strict tool discipline, specifically forbidding subagents from using network-capable tools (WebFetch/WebSearch) to ensure code data does not leave the local environment during analysis.
  • [COMMAND_EXECUTION]: The orchestrator utilizes standard version control tools (git, GitHub CLI) to gather context, which is consistent with its primary purpose of performing code reviews.
  • [EXTERNAL_DOWNLOADS]: Dependencies are restricted to other verified vendor skills from the same author (bitwarden).
Audit Metadata
Risk Level: SAFE
Analyzed: May 18, 2026, 04:56 PM