code-review
Pass
Audited by Gen Agent Trust Hub on Jun 17, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [SAFE]: The skill provides instructional guidelines for pull request reviews, covering build verification, test coverage, and secret detection. It does not include executable code, remote script downloads, or network exfiltration patterns.\n- [PROMPT_INJECTION]: The skill processes untrusted pull request data, which creates an indirect prompt injection surface. Attackers could attempt to influence agent behavior by embedding malicious instructions in code comments or commit messages. This risk is considered minimal as the skill instructions do not grant the agent capabilities for command execution or external data transmission.\n
- Ingestion points: Pull request code and metadata for the contentstack-marketplace-sdk repository.\n
- Boundary markers: Not specified in the instructions.\n
- Capability inventory: Analysis and reporting; no system-level or network capabilities are defined within the skill.\n
- Sanitization: Not specified.
Audit Metadata