reviewing-code

Pass

Audited by Gen Agent Trust Hub on Jul 4, 2026

Risk Level: SAFEPROMPT_INJECTION
Full Analysis
  • [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection due to its processing of untrusted external content. An attacker could embed instructions within a code diff or pull request description to manipulate the agent's review output.
  • Ingestion points: SKILL.md specifies that the agent should infer intent and review content from user requests, diffs, issues, and PR/MR descriptions.
  • Boundary markers: The instructions do not define clear delimiters or use specialized prompts to isolate the external code content from the operational instructions.
  • Capability inventory: The skill does not explicitly invoke shell commands or network tools, but it operates within an agent context that may have such tools available.
  • Sanitization: There is no requirement or logic for sanitizing or escaping the content being reviewed before it is processed by the agent.
Audit Metadata
Risk Level
SAFE
Analyzed
Jul 4, 2026, 02:00 PM
Security Audit — agent-trust-hub — reviewing-code