code-review
Pass
Audited by Gen Agent Trust Hub on May 15, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill implements a benign workflow for code analysis, utilizing standard developer tools like git and gh to retrieve code changes. No malicious patterns or data exfiltration attempts were detected.
- [COMMAND_EXECUTION]: The skill utilizes a local Python script, scripts/split_diff.py, to process large diff files. The script is authored by the skill creator and uses standard libraries for splitting text based on diff headers. It includes sanitization to replace path separators in generated filenames to prevent directory traversal.
- [INDIRECT_PROMPT_INJECTION]: The skill represents a surface for indirect prompt injection as it ingests untrusted code diffs from external repositories.
  1. Ingestion points: Code changes are gathered from gh pr diff or git diff in SKILL.md.
  2. Boundary markers (absent): No explicit delimiters are used to wrap diff content.
  3. Capability inventory: The agent can execute git, gh, and local python scripts.
  4. Sanitization (absent): No sanitization of the external diff content is performed.