code-review
Pass
Audited by Gen Agent Trust Hub on May 1, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill strictly adheres to a report-only policy, ensuring it only writes to a dedicated report directory (
reviews/code-review/) and expressly forbids editing source files. - [SAFE]: Shell tool access is restricted via the
Bash(wc*)tool definition, which limits execution to thewcutility for line counting, preventing arbitrary command execution or system modification. - [SAFE]: The multi-agent orchestration includes a robust validation layer. Sub-agent outputs are parsed as structured JSON and subjected to confidence filtering (dropping findings < 0.60) and deduplication, which effectively sanitizes the data before it is incorporated into the final report.
- [SAFE]: The skill implements a surface for indirect prompt injection by processing untrusted user scripts; however, this is the primary function of the tool. The risk is mitigated by the structured JSON output contract and the orchestrator's parsing logic, which prevents instructions inside the reviewed code from escaping the sub-agent context.
- [SAFE]: Analysis of the instructions, persona catalog, and rubric revealed no evidence of obfuscation, hardcoded credentials, or unauthorized network operations.
Audit Metadata