code-review

Pass

Audited by Gen Agent Trust Hub on May 2, 2026

Risk Level: SAFE
Full Analysis
  • [SAFE]: The skill is purely instructional, guiding the agent through a manual code review process. It focuses on identifying logical errors and best practices in research scripts.
  • [PROMPT_INJECTION]: The skill exhibits an Indirect Prompt Injection surface because it is designed to ingest and process untrusted external data (Stata/R/Python source code files).
      • Ingestion points: Reads files from paths provided in $ARGUMENTS or searched project directories (e.g., ~/Dropbox/Github/).
      • Boundary markers: Absent; the instructions do not define specific delimiters or instructions to ignore embedded commands within the code files.
      • Capability inventory: The skill uses file reading to analyze code and file writing to generate markdown reports and optional "corrected" versions of scripts.
      • Sanitization: No sanitization or filtering is performed on the content of the scripts being reviewed.
  • [DATA_EXFILTRATION]: While the skill reads local files, it does not contain any instructions or patterns for sending data to external network destinations. Reports are saved locally in the project directory.
Audit Metadata
Risk Level: SAFE
Analyzed: May 2, 2026, 11:01 AM