cb-review
Pass
Audited by Gen Agent Trust Hub on May 15, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill functions as a standard code review tool. Its instructions focus on assessing code correctness, safety, and maintainability based on local git diffs and file context.
- [COMMAND_EXECUTION]: The workflow involves running
git diffand relevant quality checks such as linting and tests. These are routine development operations performed on the local machine and are necessary for the skill's stated purpose. - [PROMPT_INJECTION]: The skill possesses a surface for indirect prompt injection as it ingests untrusted code from local files and git history. Evidence: (1) Ingestion points:
git diffoutput and full file reads as specified in SKILL.md. (2) Boundary markers: None mentioned in the instructions. (3) Capability inventory: Local command execution for git and quality checks. (4) Sanitization: No sanitization or escaping mechanisms are defined for the ingested content. This is a characteristic of code-analysis tools and does not escalate the verdict given the lack of dangerous outbound capabilities.
Audit Metadata