quality-review
Pass
Audited by Gen Agent Trust Hub on May 7, 2026
Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill utilizes git diff for change analysis and npm scripts for code and test validation within the local development environment. These are expected capabilities for a review-focused skill.
- [EXTERNAL_DOWNLOADS]: The documentation suggests installing companion plugins axiom (by vendor lvlup-sw) and impeccable (an established service). These extensions are intended for deeper qualitative and design analysis.
- [PROMPT_INJECTION]: A surface for indirect prompt injection exists as the skill processes untrusted code diffs that influence automated workflow transitions and state updates.
- Ingestion points: Integrated diffs from git or gh processed in SKILL.md.
- Boundary markers: Integrated security and static analysis gates are executed via check_security_scan and check_static_analysis.
- Capability inventory: The agent can execute local shell commands and transition the workflow phase via state updates in auto-transition.md.
- Sanitization: Automated pattern detection and review runbooks are used to evaluate content before triggering automated actions.
Audit Metadata