code-review
Pass
Audited by Gen Agent Trust Hub on May 14, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill automates legitimate software development workflows, including type checking, linting, and automated testing, which are expected behaviors for a code review tool.
- [COMMAND_EXECUTION]: The skill executes local command-line tools through standard package managers (npm, yarn, pnpm) and npx. These executions are limited to the project's defined scripts and well-known utilities.
- [EXTERNAL_DOWNLOADS]: The skill may trigger the download of well-known development tools such as sonar-scanner through npx if they are not already installed in the environment.
- [DATA_EXPOSURE]: Metadata collection is restricted to reading local repository status (Git branch, commit hash) and project configuration files (package.json, tsconfig.json) to facilitate the generation of a diagnostic report.
Audit Metadata