code-review
Pass
Audited by Gen Agent Trust Hub on May 16, 2026
Risk Level: SAFE
PROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection as it ingests and processes untrusted code changes from pull requests and merge requests.
  - Ingestion points: The agent reads the diff, surrounding files, and project structure of external code changes (README.md, SKILL.md).
  - Boundary markers: There are no explicit delimiters or instructions to treat the reviewed code as untrusted data or to ignore embedded instructions within that code.
  - Capability inventory: While the instructions specify providing textual feedback and not modifying code, the underlying agent may possess broader capabilities (file system access, shell execution) that could be targeted by an injection.
  - Sanitization: No validation or sanitization is performed on the content of the code being reviewed to prevent malicious instructions in comments or strings from influencing the agent's behavior.
Audit Metadata