code-review
Pass
Audited by Gen Agent Trust Hub on Apr 20, 2026
Risk Level: SAFEPROMPT_INJECTIONCOMMAND_EXECUTION
Full Analysis
- [PROMPT_INJECTION]: The skill processes several untrusted inputs, including source code, test suites, and design documentation, which presents a risk of indirect prompt injection.
- Ingestion points: Untrusted data enters the agent context through the
source-code,test-suite,task-list,api-contract, andarchitecture-docinputs specified inSKILL.md. - Boundary markers: The skill instructions do not specify the use of delimiters or boundary markers to isolate these external inputs from the agent's core instructions.
- Capability inventory: The skill is designed for comprehensive code analysis and reporting; it also references the automated execution of a Python-based scanner (
scripts/hooks/no_magic_values_scan.py) within the repository environment. - Sanitization: No sanitization, validation, or escaping procedures are defined for the content of the ingested files.
- [COMMAND_EXECUTION]: The skill instructs the user to execute
git config core.hooksPath .githooks. This command modifies the local git configuration to look for hook scripts in a specific directory within the repository, which determines which scripts are executed during git lifecycle events.
Audit Metadata