code-review-web
Pass
Audited by Gen Agent Trust Hub on May 9, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill is a set of instructional guidelines for code review and does not contain any executable code, scripts, or suspicious commands.
- [DATA_EXPOSURE]: The skill provides defensive security guidance, specifically instructing the agent to check for hardcoded secrets, improperly prefixed environment variables (e.g.,
NEXT_PUBLIC_), and sensitive data in URLs. - [PROMPT_INJECTION]: No behavioral override patterns or attempts to bypass safety filters were found. The instructions are aligned with the stated purpose of code analysis and debugging.
- [REMOTE_CODE_EXECUTION]: There are no patterns involving the download or execution of remote scripts. All referenced commands (like
curlfor revalidation) are provided as examples for the user's manual debugging process rather than automated execution. - [INDIRECT_PROMPT_INJECTION]: While the skill is designed to process untrusted code for review (an attack surface), it does not request capabilities that would allow the ingested code to be executed or to interact with the host system. The workflow is purely analytical.
Audit Metadata