peach-review-ux
Pass
Audited by Gen Agent Trust Hub on May 8, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill is explicitly defined as a read-only utility. Its core principles strictly prohibit file modifications, git commits, or staging operations, ensuring that its activities are limited to observation and reporting.
- [DATA_EXPOSURE]: Although the skill accesses local project files (Vue files, specifications) and browses external URLs to perform its reviews, it does not show any signs of credential harvesting or unauthorized data transmission. The access is strictly scoped to the user-provided review targets.
- [INDIRECT_PROMPT_INJECTION]: The skill possesses an attack surface for indirect prompt injection as it ingests untrusted content from external URLs and file paths. However, this is mitigated by the skill's rigid workflow, which mandates the use of a specific markdown template for output and focuses purely on heuristic UX evaluation.
Audit Metadata