dev-security-review
Pass
Audited by Gen Agent Trust Hub on May 4, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: No malicious patterns or security risks were identified in this skill. It operates as a passive code reviewer.
- [INDIRECT_PROMPT_INJECTION]: The skill's primary function involves reading untrusted data (pull request diffs and repository source code), which represents a potential attack surface for indirect prompt injection. However, the risk is mitigated by explicit instructions:
- Ingestion points: The skill reads PR diffs and researches repository context (SKILL.md).
- Boundary markers: No specific boundary markers are requested for the input data, but the agent is directed to trace data flow as a vulnerability assessment task.
- Capability inventory: The skill explicitly forbids the use of the bash tool and prohibits writing to any files, limiting the agent to read-only analysis and markdown output.
- Sanitization: No specific sanitization logic is implemented for the analyzed code, but the lack of dangerous capabilities prevents exploitation.
Audit Metadata