review-team
Pass
Audited by Gen Agent Trust Hub on Mar 16, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: No security issues detected. The skill follows best practices for multi-agent orchestration, including:
- Read-Only Constraints: Sub-agents are explicitly instructed to be read-only and are prohibited from editing files or making commits, limiting the impact of any potential automated actions.
- Command Execution: System commands are restricted to local, non-destructive git operations (
git log,git show,git status,git diff) used solely for scope discovery and intent analysis. - Input Handling: While the skill processes untrusted source code (a surface for indirect prompt injection), it implements structured schema validation (
findings-schema.json) and merge-normalization rules to ensure integrity and consistency of the analysis output. - Privacy: The skill does not perform external network requests to untrusted domains; external references are limited to well-known standard schema repositories.
Audit Metadata