review
Pass
Audited by Gen Agent Trust Hub on Jul 7, 2026
Risk Level: SAFECOMMAND_EXECUTION
Full Analysis
- [COMMAND_EXECUTION]: The skill executes standard development commands to facilitate the code review process.
- Evidence: It uses
git diff main...HEADto retrieve changes andnpmscripts (such asnpm run test:run,npm run test:coverage, andnpm run typecheck) to verify code compliance and test adequacy. - [SAFE]: The skill incorporates comprehensive security and quality guidelines that follow industry best practices.
- Evidence: The file
references/security-checklist.mdimplements a detailed review framework based on the OWASP Top 10 patterns, including checks for injection, credential exposure, and access control failures. - Evidence: The skill defines an adversarial posture and provides a structured
rationalization-refutation.mdreference to prevent the agent from accepting common excuses to skip quality or security gates. - [SAFE]: The skill uses an MCP-based orchestration system for sensitive operations, ensuring that state transitions and automated scanning are handled via the vendor's specialized tools.
- Evidence: Use of
exarchos_orchestrateandexarchos_workflowactions for security scanning (check_security_scan), static analysis, and workflow state management.
Audit Metadata