pr-review-appsec-vendored
Pass
Audited by Gen Agent Trust Hub on Apr 5, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The content of the skill is purely instructional, providing guidance for an AI agent to identify security misconfigurations in code related to better-auth, SpiceDB, and Next.js.
- [SAFE]: No external network requests, downloads, or remote code execution patterns were detected. The skill operates within the agent's context using provided text instructions.
- [SAFE]: The YAML frontmatter includes 'disable-model-invocation: true', which restricts the execution environment, further reducing the risk profile.
- [SAFE]: References to sensitive patterns (e.g., API key prefixes like 'sk-*') are used as examples for detection targets during code reviews and do not represent hardcoded credentials within the skill itself.