merge-ready
Pass
Audited by Gen Agent Trust Hub on Jun 16, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill implements a structured and secure workflow for auditing and preparing code changes, with no malicious patterns detected.
- [COMMAND_EXECUTION]: Employs standard developer tools including git for repository management and pnpm for running local validation checks such as linting and type-checking.
- [DATA_EXFILTRATION]: Network operations are restricted to authorized actions such as pushing code to the origin repository and updating Pull Request descriptions.
- [PROMPT_INJECTION]: The skill manages potential indirect prompt injection from repository code (ingestion point: git diff on repo files) by requiring independent 'verification subagents' (sanitization) to adversarially check all findings before implementation. Capabilities defined in SKILL.md include subprocess calls (git, pnpm) and file modification, which are protected by this verification phase and the final review requirements.
Audit Metadata