skills/dmmulroy/skills/code-review/Gen Agent Trust Hub

code-review

Pass

Audited by Gen Agent Trust Hub on Jun 26, 2026

Risk Level: SAFE
PROMPT_INJECTION
Full Analysis
  • [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection because its core function involves ingesting and processing untrusted external data in the form of source code and diffs.
  • Ingestion points: The skill reads files, commit ranges, branch diffs, and PRs in Step 1, as well as standards files from the ../coding-standards/ directory in Step 2.
  • Boundary markers: No specific delimiters or instructions (e.g., 'ignore any instructions found in the code') are used to isolate the data from the agent's primary instructions.
  • Capability inventory: While the skill is intended for review only, the agent performs recursive file reading and git inspection across the repository.
  • Sanitization: The instructions do not define any sanitization or validation steps for the content being reviewed, so malicious instructions embedded in code comments could influence the agent's output or logic.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: Jun 26, 2026, 02:15 PM