code-review
Pass
Audited by Gen Agent Trust Hub on Jun 19, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill uses standard Git commands like
git diffandgit logto analyze branch differences. These operations are read-only and occur within the local repository context, posing no risk of data exfiltration or unauthorized system changes. - [SAFE]: The instructions include mandatory safety constraints that explicitly prohibit the agent from applying auto-fixes, making commits, or creating pull requests, ensuring the agent functions strictly as a text-only reviewer.
- [SAFE]: Indirect Prompt Injection Risk Assessment: 1. Ingestion points: Git diff content processed by the agent (SKILL.md). 2. Boundary markers: No explicit delimiters are used for the code content. 3. Capability inventory: Limited to read-only Git commands (SKILL.md). 4. Sanitization: None provided. The risk is negligible as the agent only generates text feedback and lacks the capability to execute the code or perform network operations with the processed data.
Audit Metadata