solid-code-review

Pass

Audited by Gen Agent Trust Hub on Mar 29, 2026

Risk Level: SAFE
Full Analysis
  • [PROMPT_INJECTION]: The skill processes untrusted external data in the form of git diffs and source code files. This creates a surface for indirect prompt injection, where malicious instructions could be embedded in the code being reviewed to influence the agent's analysis or behavior. However, the skill mitigates this risk by requiring a self-check and confidence assessment from the agent, and by mandating explicit user approval before any code modifications are applied.
  • [COMMAND_EXECUTION]: The instructions utilize standard development tools, including git, grep, and ripgrep (rg), to gather context about the codebase. These tools are used appropriately for their intended purpose of code analysis within the local repository environment.
  • [DATA_EXPOSURE]: The workflow involves identifying and reading critical code paths, such as those related to authentication and data writes, to perform a security review. This access is necessary for the skill's primary function and does not involve exfiltrating sensitive information to external systems.
Audit Metadata
Risk Level: SAFE
Analyzed: Mar 29, 2026, 08:18 PM