metric-design-review-board

Pass

Audited by Gen Agent Trust Hub on Jul 3, 2026

Risk Level: SAFE
Full Analysis
  • [SAFE]: The skill incorporates defensive design principles, specifically including adversarial test fixtures in tests/fixtures/adversarial.md and instructions in references/acceptance-tests.md to ensure the agent refuses overclaim pressure and maintains logical boundaries when processing potentially misleading input.
  • [COMMAND_EXECUTION]: The validation script scripts/quick_validate_skill.py uses subprocess.run to execute the local contract test suite. This is a standard development practice for skill integrity and is restricted to executing known files within the skill folder using the Python standard library.
  • [REMOTE_CODE_EXECUTION]: The testing script tests/test_skill_contract.py utilizes the compile() function to perform static syntax verification on Python files within the package. This is used for validation and does not execute untrusted or externally sourced code.
Audit Metadata
Risk Level
SAFE
Analyzed
Jul 3, 2026, 09:30 AM
Security Audit — agent-trust-hub — metric-design-review-board