scan-code-review-rules
Pass
Audited by Gen Agent Trust Hub on Apr 7, 2026
Risk Level: SAFE
Full Analysis
- [PROMPT_INJECTION]: The skill exposes an indirect prompt injection surface because it performs comprehensive scans of the codebase, including source files and configuration files (e.g., .eslintrc, .prettierrc), without boundary markers or sanitization to separate file content (data) from instructions. However, the resulting analysis is limited to local documentation tasks.
- [DATA_EXFILTRATION]: The skill reads project configuration files and observes secrets management patterns in order to document conventions. It uses no network tools or external data transfer mechanisms, so its findings remain within the local project environment.
Audit Metadata