code-review-optimizing

Pass

Audited by Gen Agent Trust Hub on Apr 20, 2026

Risk Level: SAFE
PROMPT_INJECTION
Full Analysis
  • [PROMPT_INJECTION]: The skill performs reviews on untrusted source code provided by users, which creates an indirect prompt injection attack surface.
    • Ingestion points: User-provided source code files ingested for performance analysis in SKILL.md.
    • Boundary markers: Absent. The skill instructions do not require the use of delimiters or specify that the agent should ignore natural language instructions found within comments or string literals in the reviewed code.
    • Capability inventory: The skill uses the create_file tool to save reports and present_files to provide them to the user, allowing for persistent output based on processed data.
    • Sanitization: Absent. While the skill defines a slugging convention for report filenames, it does not specify sanitization or validation for the content extracted from user code before it is included in the generated reports.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: Apr 20, 2026, 03:29 AM