code-reviewer
Pass
Audited by Gen Agent Trust Hub on Mar 24, 2026
Risk Level: SAFE
Full Analysis
- [COMMAND_EXECUTION]: The skill requests access to the Read, Grep, and Glob tools to navigate and analyze the codebase. This access is necessary for its stated purpose of identifying bugs and vulnerabilities.
- [PROMPT_INJECTION]: Instructions define the agent's role as a senior engineer and provide strict behavioral guidelines. These instructions are intended to ensure professional and thorough reviews and do not attempt to override safety guardrails.
- [DATA_EXFILTRATION]: The skill processes local source code to provide feedback. There are no instructions or tools that facilitate the exfiltration of this data to external servers.
- [SAFE]: The skill follows security best practices for AI agents, using local tools for analysis and providing references for common vulnerabilities. Note: While the skill ingests untrusted code (Ingestion points: PR descriptions and file content in SKILL.md; Boundary markers: Absent; Capability inventory: Read, Grep, Glob; Sanitization: Absent), its functionality is limited to analysis without execution, presenting minimal risk.
Audit Metadata