code-review
Pass
Audited by Gen Agent Trust Hub on Jun 14, 2026
Risk Level: SAFE, COMMAND_EXECUTION
Full Analysis
- [SAFE]: The skill is designed for security and quality assurance, incorporating checks for hardcoded secrets, injection vulnerabilities, and performance anti-patterns in the code it reviews.
- [COMMAND_EXECUTION]: Utilizes standard developer tools (git and the GitHub CLI) to fetch branch differences, log entries, and Pull Request metadata. These commands are consistent with the skill's stated purpose of reviewing code changes.
- [PROMPT_INJECTION]: The skill ingests untrusted data from git diffs and commit messages. While it does not use explicit boundary delimiters to prevent instructions embedded in those diffs from influencing the agent (indirect prompt injection), the risk is low because the skill only generates descriptive feedback and does not execute the code being analyzed.