code-review
Pass
Audited by Gen Agent Trust Hub on Apr 10, 2026
Risk Level: SAFE
Full Analysis
- [COMMAND_EXECUTION]: The skill instructs the agent to execute standard local commands such as
git diff,npm run test, andmake checkto identify modified files and verify project health. These operations are restricted to the local development environment and are appropriate for the skill's stated purpose of code auditing. - [INDIRECT_PROMPT_INJECTION]: The skill possesses an attack surface for indirect prompt injection as it processes external, potentially untrusted data.
- Ingestion points: PR descriptions, linked issues, task specifications, and source code files (SKILL.md).
- Boundary markers: Absent; no specific delimiters are defined for separating untrusted input from the agent's instructions.
- Capability inventory: The agent can execute local shell commands (
git,npm,make) and write findings to the output (SKILL.md). - Sanitization: Absent; the instructions do not specify validation or sanitization of external data before analysis.
Audit Metadata