ohos-dev-graphics-stability-code-review

Pass

Audited by Gen Agent Trust Hub on Jun 13, 2026

Risk Level: SAFE
Full Analysis
  • [SAFE]: The skill implements a robust and well-documented framework for performing C/C++ code reviews within the OpenHarmony ecosystem. It operates entirely on local rule definitions (Markdown) and configuration files.
  • [INDIRECT_PROMPT_INJECTION]: The skill analyzes user-provided C++ source code, which is an untrusted input source. This presents a theoretical surface for indirect prompt injection (e.g., malicious instructions hidden in code comments). However, the skill's capabilities are restricted to reading code and writing localized reports to a specific directory (./report/), with no network access or administrative command execution available to be exploited.
  • Ingestion points: User-supplied C++ source files and directories provided during trigger commands in SKILL.md.
  • Boundary markers: The agent is instructed to treat input as source code for review against specific rules, though explicit delimiters are not enforced in the instructions.
  • Capability inventory: Local file system read access for scanning code and write access for generating report files.
  • Sanitization: The instructions do not specify explicit sanitization of user-provided code strings before processing.
  • [EXTERNAL_DOWNLOADS]: The utility script scripts/add-rule.py references the PyYAML library. This is a standard and safe dependency used for managing the skill's YAML configuration files.
Audit Metadata
Risk Level
SAFE
Analyzed
Jun 13, 2026, 08:40 AM
Security Audit — agent-trust-hub — ohos-dev-graphics-stability-code-review