threads

Pass

Audited by Gen Agent Trust Hub on Jul 2, 2026

Risk Level: SAFE
Full Analysis
  • [SAFE]: The skill is designed with extensive security guardrails to manage autonomous multi-agent repository workflows without introducing malicious patterns.
  • [DATA_EXPOSURE]: Implements a robust 'forbidden_files' policy that explicitly prevents agents from accessing or modifying sensitive configuration files such as AGENTS.md, CLAUDE.md, and environment settings.
  • [INDIRECT_PROMPT_INJECTION]: While the skill ingests external data from GitHub issues and PRs, it mitigates potential injection risks by incorporating a mandatory 'Reviewer' lane tasked with identifying 'security and injection risks' before any code implementation is accepted or merged.
  • [COMMAND_EXECUTION]: Uses standard development CLI tools (git, gh) within isolated worktrees to ensure that parallel tasks do not conflict and that all operations are traceable to specific PRs and branches.
Audit Metadata
Risk Level
SAFE
Analyzed
Jul 2, 2026, 11:20 AM
Security Audit — agent-trust-hub — threads