code-review-graph
Pass
Audited by Gen Agent Trust Hub on May 15, 2026
Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill's 'Auto-Bootstrap Protocol' directs the agent to execute shell commands like 'which code-review-graph' and 'code-review-graph build' using its terminal tools. The protocol specifically mandates the auto-execution of the build command to proactively index the codebase.\n- [EXTERNAL_DOWNLOADS]: The skill documentation provides several methods for downloading and installing the 'code-review-graph' package from public registries using package managers like 'pip', 'pipx', and 'uvx'.\n- [PROMPT_INJECTION]: The 'Auto-Bootstrap Protocol' uses imperative language such as 'MANDATORY TOOL USE' and 'you MUST' to ensure the agent prioritizes the tool's setup and execution over standard operating procedures.\n- [PROMPT_INJECTION]: The skill facilitates the ingestion of untrusted codebase data, presenting an indirect prompt injection surface. \n
- Ingestion points: Source code files across 19 languages are parsed into an AST graph (SKILL.md).\n
- Boundary markers: No explicit boundary markers or instructions to ignore embedded commands are specified for the codebase files.\n
- Capability inventory: The skill has access to powerful tools including 'Bash', 'Read', 'Grep', and 'Glob'.\n
- Sanitization: The tool relies on structural Tree-sitter parsing but does not document specific sanitization or filtering of the source content to prevent malicious instruction leakage.
Audit Metadata