code-review
Pass
Audited by Gen Agent Trust Hub on Jun 16, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill is designed to process external, potentially untrusted data such as pull requests, commits, and diffs. This introduces a surface for indirect prompt injection where malicious instructions could be embedded in code comments or metadata within the diff to influence the agent's behavior.
- Ingestion points: Pull requests, commits, diffs, and patches (SKILL.md).
- Boundary markers: The instructions do not define specific delimiters or instructions to ignore commands embedded within the reviewed code changes.
- Capability inventory: The skill is configured for analysis and reporting; no dangerous capabilities like arbitrary shell execution are specified.
- Sanitization: No explicit sanitization or escaping of the input data is defined in the workflow.
Audit Metadata