review-hgsc
Pass
Audited by Gen Agent Trust Hub on Apr 14, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [SAFE]: The skill defines a complex persona and structured reporting templates for source code review. These instructions are stylistic and do not attempt to override agent safety protocols or perform unauthorized operations.
- [PROMPT_INJECTION]: The skill operates by analyzing user-provided source code, which constitutes an indirect prompt injection attack surface. 1. Ingestion points: User-provided directories, modules, and file contents (SKILL.md). 2. Boundary markers: The skill does not define specific delimiters or instructions to ignore embedded commands within the code being reviewed. 3. Capability inventory: The skill is instructed to locate implementations and dependencies, which requires file-reading capabilities. 4. Sanitization: No specific sanitization, escaping, or validation of the external code is described in the instructions. This surface is inherent to the intended primary purpose of code analysis.
- [SAFE]: No network operations, hardcoded credentials, or persistence mechanisms were detected in the skill content.
Audit Metadata