kamae-review
Pass
Audited by Gen Agent Trust Hub on May 11, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill's primary function is to provide an analytical checklist for evaluating TypeScript code quality and security, which is a legitimate and safe use case.
- [SAFE]: The process of loading configuration and override rules from designated directories such as `.claude/rules/` and `~/.claude/rules/` is a standard practice for developer-oriented tools and does not constitute unauthorized file access.
- [SAFE]: No network exfiltration, hardcoded credentials, or remote code execution patterns were found in the skill or its associated checklist files.
- [PROMPT_INJECTION]: As a code review tool, the skill naturally ingests untrusted source code. While this creates a surface for indirect prompt injection, the risk is mitigated by the skill's focus on structured technical analysis and its use of predefined checklists to guide the agent's behavior. Because this behavior is central to the skill's primary purpose, it does not escalate the verdict.
Audit Metadata