review-work

Pass

Audited by Gen Agent Trust Hub on Jul 4, 2026

Risk Level: SAFE
Full Analysis
  • [SAFE]: The skill's scripts (Bun/Node.js) manage project metadata and logs securely, incorporating protections against path traversal and symlink exploitation.
  • [DYNAMIC_CONTEXT_INJECTION]: The skill utilizes diagnostic shell commands to retrieve git state for review context. This is a legitimate application of dynamic context injection for developer tooling.
  • [INDIRECT_PROMPT_INJECTION]: The skill mitigates the risks of processing untrusted code through structured prompt engineering, the use of a dual-agent (reviewer/resolver) synthesis loop, and a self-regulation gate that prevents anomalous modifications to the codebase.
Audit Metadata
Risk Level
SAFE
Analyzed
Jul 4, 2026, 10:16 PM
Security Audit — agent-trust-hub — review-work