rpi-review
Pass
Audited by Gen Agent Trust Hub on Jun 26, 2026
Risk Level: SAFE
COMMAND_EXECUTION
Full Analysis
- Command Execution for Validation: The skill is designed to discover and run project-specific validation commands (e.g., package.json scripts, pytest, ruff) to verify code changes. This behavior is restricted to verifying changed files within the project scope as part of the intended review workflow.
- File System Interaction: The skill creates and updates review artifacts within a dedicated .copilot-tracking/ directory. This practice ensures that internal tracking data is isolated from the primary source code and provides a clear audit trail of validation activities.
- Least Privilege and Subagent Use: The skill prefers using specialized subagents (RPI Validator, Implementation Validator) for isolated validation tasks, reducing the risk of a broad, unconstrained execution context.
Audit Metadata