flows-code-review
Pass
Audited by Gen Agent Trust Hub on Jun 16, 2026
Risk Level: SAFE
COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill utilizes the Bash tool to execute npm outdated, npm audit, and test runners such as vitest and jest. These commands are used to perform technical audits of the project's dependencies and code coverage as part of the review process.
- [PROMPT_INJECTION]: The skill contains an indirect prompt injection surface. Ingestion points: The skill reads local TypeScript files (.ts, .tsx) and other skill configuration files (SKILL.md) to gather guidance and analyze code. Boundary markers: No explicit delimiters or instructions are provided to help the agent ignore or bypass potential instructions embedded within the analyzed source code. Capability inventory: The agent has access to the Bash, Write, Read, Glob, and Grep tools. Sanitization: Content from the ingested files is processed without filtering or sanitization steps to neutralize embedded instructions.
Audit Metadata