following-dragons-code-review-guided
Pass
Audited by Gen Agent Trust Hub on Jun 21, 2026
Risk Level: SAFE
Full Analysis
- [INDIRECT_PROMPT_INJECTION]: The skill is designed to process untrusted external data in the form of code review comments and PR discussions (Workflow Step 1). This creates a surface for indirect prompt injection where an attacker could embed instructions in a PR comment to influence the agent's classification or code instrumentation logic.
- Ingestion points: Data enters the agent context through the collection of review comments as described in 'SKILL.md'.
- Boundary markers: No explicit delimiters or instructions to ignore embedded commands within the processed comments are provided in the workflow.
- Capability inventory: The skill involves classifying data and generating source code annotations (C/C++), but does not involve direct shell execution or network writes within the instructions themselves.
- Sanitization: No sanitization or validation logic for the input comments is mentioned in the methodology.
Audit Metadata