cy-impl-peer-review
Pass
Audited by Gen Agent Trust Hub on May 11, 2026
Risk Level: SAFE
Tags: COMMAND_EXECUTION
Full Analysis
- [COMMAND_EXECUTION]: The skill executes Git CLI commands (git diff, git log, git status, git grep) to resolve the implementation scope and perform readiness checks before initiating a review.
- [COMMAND_EXECUTION]: It invokes the vendor's tool, compozy exec, to transmit code diffs and context to an external LLM (Claude Opus) for analysis.
- [COMMAND_EXECUTION]: It runs user-defined verification commands, such as make verify, after performing any remediation steps to validate that code changes did not break the build.
- [SAFE]: The skill incorporates a robust security auditing section in its review prompt, instructing the LLM to specifically identify credential leaks, SQL/command injection, and broken authorization patterns.
- [SAFE]: The procedure enforces strict human-in-the-loop controls; no findings are applied, and no commits or pushes are executed without explicit user instruction.
Audit Metadata