skills/lvlup-sw/exarchos/review/Gen Agent Trust Hub

review

Pass

Audited by Gen Agent Trust Hub on Jul 7, 2026

Risk Level: SAFECOMMAND_EXECUTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill executes standard development commands to facilitate the code review process.
  • Evidence: It uses git diff main...HEAD to retrieve changes and npm scripts (such as npm run test:run, npm run test:coverage, and npm run typecheck) to verify code compliance and test adequacy.
  • [SAFE]: The skill incorporates comprehensive security and quality guidelines that follow industry best practices.
  • Evidence: The file references/security-checklist.md implements a detailed review framework based on the OWASP Top 10 patterns, including checks for injection, credential exposure, and access control failures.
  • Evidence: The skill defines an adversarial posture and provides a structured rationalization-refutation.md reference to prevent the agent from accepting common excuses to skip quality or security gates.
  • [SAFE]: The skill uses an MCP-based orchestration system for sensitive operations, ensuring that state transitions and automated scanning are handled via the vendor's specialized tools.
  • Evidence: Use of exarchos_orchestrate and exarchos_workflow actions for security scanning (check_security_scan), static analysis, and workflow state management.
Audit Metadata
Risk Level
SAFE
Analyzed
Jul 7, 2026, 06:24 PM
Security Audit — agent-trust-hub — review