code-review
Pass
Audited by Gen Agent Trust Hub on Jun 19, 2026
Risk Level: SAFE
Full Analysis
- [PROMPT_INJECTION]: The skill implements a robust defense-in-depth approach against prompt injection. In the 'Untrusted Content' section, it explicitly instructs the agent to treat all content within a pull request—including diffs, comments, and descriptions—as evidence to be evaluated rather than instructions to be followed, which directly mitigates attempts to steer the agent's behavior through the data it reviews.
- [EXTERNAL_DOWNLOADS]: External references in the grounding metadata target trusted organizations (such as Google, GitHub, OpenAI, and Anthropic) and well-known industry services. These references are used for documentation and best-practice alignment.
- [SAFE]: Although the skill has access to the
Bashtool, its instructions are limited to analytical and search-based tasks, such as usingGrepto identify call sites and trace the blast radius of code changes, rather than the execution of untrusted code.
Audit Metadata