code-review
Pass
Audited by Gen Agent Trust Hub on Apr 20, 2026
Risk Level: SAFE, NO_CODE, PROMPT_INJECTION
Full Analysis
- [SAFE]: The skill consists exclusively of instructional guidelines in markdown format. It does not include any scripts, configuration files, or executable commands, ensuring it cannot perform unauthorized actions on the host system.
- [NO_CODE]: There is no code shipped with this skill; it acts as a behavioral prompt for the agent.
- [PROMPT_INJECTION]: The skill has an inherent surface for indirect prompt injection as it is designed to process untrusted data from code changes and pull requests.
  - Ingestion points: Pull requests and code changes processed at runtime.
  - Boundary markers: Absent; the instructions do not define delimiters to separate untrusted code from instructions.
  - Capability inventory: No capabilities detected (no subprocess, file-write, or network operations).
  - Sanitization: Absent.
Audit Metadata