artifact-review
Pass
Audited by Gen Agent Trust Hub on May 11, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: No security issues were identified in the skill. The instructions and templates are dedicated to visual report generation. The skill primarily serves as a formatting layer for human-readable artifacts.
- [PROMPT_INJECTION]: While the skill processes untrusted input (PR data, code, and comments) and interpolates it into an HTML template, there is no evidence of malicious instructions or attempts to bypass safety filters. This represents a standard use case for report generation.
- Ingestion points: External PR content is rendered via placeholders in templates/annotated-review.html.
- Boundary markers: None present in the HTML template.
- Capability inventory: The skill is limited to generating a static HTML document; no command execution or network capabilities are defined.
- Sanitization: The template relies on the platform or agent to sanitize inputs before interpolation into the HTML structure.
Audit Metadata