cloudbase-code-review
Pass
Audited by Gen Agent Trust Hub on Jul 3, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [SAFE]: The skill is authored by the official vendor and references legitimate resources including documentation hosted on cnb.cool. All instructions and scripts align with the stated purpose of improving CloudBase project security and compliance. No malicious patterns such as data exfiltration or credential harvesting were detected.
- [PROMPT_INJECTION]: The skill exhibits an indirect prompt injection surface common to code analysis tools, where instructions embedded in user-provided code could influence agent behavior during semantic review.
- Ingestion points: The skill reads user project files (e.g., .ts, .js, .tsx, .jsx, .html, .sql) from the project directory via the provided lint script and documentation instructions in 'SKILL.md' and the 'references/' directory.
- Boundary markers: No explicit markers or instructions are defined to isolate user content or prevent the agent from obeying instructions found within scanned code during the semantic review phase.
- Capability inventory: The agent utilizing this skill is expected to have access to file system tools and database management utilities (e.g., 'executePgSql', 'managePgDatabase'), which represent the potential impact surface for injection.
- Sanitization: No sanitization or filtering of user code content is performed prior to analysis by the agent.
Audit Metadata