code-reviewer
Pass
Audited by Gen Agent Trust Hub on Mar 25, 2026
Risk Level: SAFE
PROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it is designed to ingest and process untrusted external data (code changes) without sufficient isolation.
- Ingestion points: The skill reads external code changes as the first step of its review process (SKILL.md).
- Boundary markers: The instructions do not define delimiters or specific constraints to prevent the agent from following instructions embedded within the code comments or strings being reviewed.
- Capability inventory: The skill execution environment includes access to high-capability tools such as Bash, along with Read, Grep, and Glob (SKILL.md frontmatter).
- Sanitization: There are no sanitization or validation mechanisms defined to filter malicious instructions from the code under review before the agent processes it.
Audit Metadata