vibe
Pass
Audited by Gen Agent Trust Hub on May 23, 2026
Risk Level: SAFE
Full Analysis
- [REMOTE_CODE_EXECUTION]: Static analysis hints flagged 'eval' and 'exec' usage in 'references/python-standards.md'. Upon review, these are verified as false positives. The file is a security standards document that provides education on avoiding code injection by demonstrating dangerous patterns and offering safe alternatives like 'ast.literal_eval' or dispatch maps.
- [COMMAND_EXECUTION]: The skill invokes several external command-line tools such as 'git', 'jq', 'radon', 'gocyclo', 'ao', and 'shellcheck'. These are standard development utilities required for the skill's stated purpose of analyzing code complexity and linting.
- [DATA_EXFILTRATION]: The skill accesses local project files and git metadata to perform its analysis. The findings are reported back to the user or written to local report files (e.g., '.agents/council/'). No unauthorized network transmission of sensitive data or credentials was detected.
- [PROMPT_INJECTION]: The skill uses structured prompts to guide sub-agents and the code review council. These prompts follow best practices for objective analysis and do not contain instructions to bypass safety filters or override system constraints.
- [SAFE]: The skill includes extensive documentation on secure coding practices (SQL injection prevention, SSRF protection, path traversal avoidance, etc.) across multiple languages, demonstrating a high degree of security awareness and providing defensive utility to the user.
Audit Metadata