code-reviewer
Pass
Audited by Gen Agent Trust Hub on May 16, 2026
Risk Level: SAFE
Full Analysis
- [COMMAND_EXECUTION]: The skill utilizes rg (ripgrep) and repository-specific duplicate-code detection tools to explore the codebase. These are standard developer operations and are restricted to the local repository context.
- [PROMPT_INJECTION]: As a code review tool, the skill processes untrusted input such as source code and diffs. While this constitutes an indirect prompt injection surface, the workflow requires concrete reproductions for critical findings, which significantly mitigates the risk of being influenced by instructions embedded in the analyzed code.
  - Ingestion points: Target files, directories, and git diffs (SKILL.md).
  - Boundary markers: No explicit delimiters are used to isolate input code content.
  - Capability inventory: ripgrep search, duplicate-code checks, and file system read access (SKILL.md).
  - Sanitization: No explicit sanitization or filtering of input content is specified.
Audit Metadata