when-reviewing-code-comprehensively-use-code-review-assistant

Pass

Audited by Gen Agent Trust Hub on Jun 26, 2026

Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADS
Full Analysis
  • [COMMAND_EXECUTION]: The skill executes several shell commands to perform its review functions, such as running linters (ESLint), security scanners (Gitleaks), and test suites (Jest). These are standard operations for a code review tool and are used within their expected contexts.
  • [EXTERNAL_DOWNLOADS]: The skill uses npx to download and run development tools like claude-flow, eslint, and gitleaks from the npm registry. These tools are well-known and standard in the developer ecosystem.
  • [DATA_EXFILTRATION]: No unauthorized data transmission was detected. The skill generates local audit reports (e.g., security-report.json, performance-report.json) and interacts with the project's local directory and session state for analysis purposes.
Audit Metadata
Risk Level
SAFE
Analyzed
Jun 26, 2026, 03:22 AM
Security Audit — agent-trust-hub — when-reviewing-code-comprehensively-use-code-review-assistant