cs-code-review

Pass

Audited by Gen Agent Trust Hub on Jul 1, 2026

Risk Level: SAFECOMMAND_EXECUTIONDATA_EXFILTRATIONPROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill executes various shell commands to perform its tasks. It uses git status and git diff to identify changes, which ocr to detect the presence of the review tool, and ocr review to perform line-level code analysis. The ocr command includes variable interpolation for feature slugs and descriptions which, while functional, represents a standard command execution pattern.
  • [DATA_EXPOSURE]: The agent accesses and reads local project files, including source code, git diffs, and configuration files like ~/.paseo/orchestration-preferences.json and .codestable/attention.md. This access is necessary for providing a meaningful code review and follows the skill's stated purpose.
  • [DYNAMIC_EXECUTION]: The skill dynamically creates and manages subagents using the mcp__paseo__create_agent tool. It provides these agents with isolated contexts and specific prompts to perform independent reviews, which is a standard method for ensuring objective analysis.
  • [INDIRECT_PROMPT_INJECTION]: Because the skill processes untrusted data (source code and git diffs) from the repository, it is subject to indirect prompt injection. Maliciously crafted comments or code blocks in the files being reviewed could attempt to influence the agent's output or report findings. The skill attempts to mitigate this by using independent subagents and verifying findings against the local repository facts.
Audit Metadata
Risk Level
SAFE
Analyzed
Jul 1, 2026, 07:40 AM
Security Audit — agent-trust-hub — cs-code-review