code-review-validating

Pass

Audited by Gen Agent Trust Hub on Mar 17, 2026

Risk Level: SAFE, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [SAFE]: Comprehensive analysis of the skill files revealed no signs of malicious instructions, hardcoded credentials, obfuscation, or unauthorized data exfiltration.
  • [COMMAND_EXECUTION]: The skill uses the create_file tool to persist review findings and present_files to share them with the user.
      • Evidence: Instruction in SKILL.md to save reports to code_review_reports/correctness/ and use present_files for downloads.
  • [PROMPT_INJECTION]: As a code review tool, the skill has an inherent surface for indirect prompt injection via the code it is tasked to analyze.
      • Ingestion points: User-provided source code passed to the agent for debugging or logic validation (defined in SKILL.md triggers).
      • Boundary markers: Absent; the instructions do not specify delimiters for the input code.
      • Capability inventory: Restricted to create_file and present_files for report management.
      • Sanitization: No specific input sanitization or validation is performed on the code under review.
Audit Metadata
Risk Level: SAFE
Analyzed: Mar 17, 2026, 02:48 PM