code-quality-reviewer
Pass
Audited by Gen Agent Trust Hub on May 6, 2026
Risk Level: SAFE
Full Analysis
- [COMMAND_EXECUTION]: The skill instructs the agent to execute verification tools such as tsc (TypeScript compiler) and the project's test suite during the refactoring process. These are standard development operations and do not involve unsanitized user input or suspicious flags.
- [DATA_EXPOSURE_EXFILTRATION]: While the skill reads codebase files (Step 2), it contains no network operation patterns (e.g., curl, wget) or attempts to access sensitive system files like credentials or SSH keys.
- [INDIRECT_PROMPT_INJECTION]: The skill is designed to ingest and process untrusted data from the user's codebase, which presents a standard attack surface.
  - Ingestion points: Reads files across the repository during the audit phase (SKILL.md, Step 2).
  - Boundary markers: None explicitly defined in the instructions to separate code content from agent instructions.
  - Capability inventory: The skill possesses file read/write capabilities and the ability to execute build/test commands (SKILL.md, Step 4 & 5).
  - Sanitization: No specific sanitization or filtering of code comments or strings is implemented.
Audit Metadata