review-codebase

Pass

Audited by Gen Agent Trust Hub on May 9, 2026

Risk Level: SAFE
Full Analysis
  • [PROMPT_INJECTION]: The skill exhibits an attack surface for indirect prompt injection because it ingests untrusted data from external codebases for analysis. However, it does not possess capabilities (like network operations or code execution) that would make such an injection actionable. There are no explicit instructions for the agent to disregard embedded directives in the code it reviews, but this is a standard risk for analysis tools and does not constitute a malicious finding.
  • [COMMAND_EXECUTION]: No unauthorized or dangerous command execution patterns were found. The skill is designed for static analysis and reporting.
  • [DATA_EXFILTRATION]: No network operations or attempts to transmit data to external servers were detected. All analysis is intended to be returned as a report to the user.
Audit Metadata
Risk Level: SAFE
Analyzed: May 9, 2026, 11:15 AM