review-python
Pass
Audited by Gen Agent Trust Hub on May 9, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill's primary function is to analyze Python source code for adherence to best practices, such as PEP8, type hints, and proper exception handling. It does not contain executable scripts or commands for external code execution.
- [PROMPT_INJECTION]: The instructions establish clear functional boundaries and include self-checks to ensure the agent remains focused on its intended domain. No patterns were found suggesting attempts to bypass safety filters or override system prompts.
- [DATA_EXFILTRATION]: The skill does not perform network operations. It receives source code as input and produces a findings list as text, with no mechanisms present to transmit data to external servers.
- [INDIRECT_PROMPT_INJECTION]: Although the skill processes untrusted user-provided code, it lacks exploitable capabilities—such as file writing or command execution—that would allow an indirect injection attack to escalate. It functions purely as a diagnostic reporter.
- [CREDENTIALS_UNSAFE]: No hardcoded API keys, secrets, or sensitive configuration files are referenced or stored within the skill's definition.
Audit Metadata