review-work
Pass
Audited by Gen Agent Trust Hub on Jul 4, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill's scripts (Bun/Node.js) manage project metadata and logs securely, incorporating protections against path traversal and symlink exploitation.
- [DYNAMIC_CONTEXT_INJECTION]: The skill utilizes diagnostic shell commands to retrieve git state for review context. This is a legitimate application of dynamic context injection for developer tooling.
- [INDIRECT_PROMPT_INJECTION]: The skill mitigates the risks of processing untrusted code through structured prompt engineering, the use of a dual-agent (reviewer/resolver) synthesis loop, and a self-regulation gate that prevents anomalous modifications to the codebase.
Audit Metadata