review-cleancode

Pass

Audited by Gen Agent Trust Hub on Apr 3, 2026

Risk Level: SAFE | DATA_EXFILTRATION | PROMPT_INJECTION
Full Analysis
  • [DATA_EXFILTRATION]: The skill includes a --multi flag that directs the agent to send code from the repository to external services (specifically Codex and Gemini) via the second-opinion tool.
  • [PROMPT_INJECTION]: The skill processes untrusted repository files, including source code and project-specific documentation like CLAUDE.md, which creates an attack surface for indirect prompt injection.
      • Ingestion points: Files are read from the conversation context, staged git changes, or the entire repository via glob patterns, alongside the project's CLAUDE.md file.
      • Boundary markers: The instructions lack explicit delimiters or warnings to prevent the agent from executing instructions found within the repository data.
      • Capability inventory: The skill can spawn parallel sub-agents for category-specific scanning and invoke external CLI tools such as second-opinion.
      • Sanitization: There is no mention of content validation, escaping, or filtering for the ingested repository data.
Audit Metadata
Risk Level: SAFE
Analyzed: Apr 3, 2026, 05:36 PM