code-review
Pass
Audited by Gen Agent Trust Hub on Apr 9, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill is a standard implementation for code quality and security analysis. It does not contain any hardcoded credentials or indicators of malicious intent.
- [COMMAND_EXECUTION]: The skill includes a hook that executes a local script via Node.js (
code-review-stop.js) located within the plugin's root directory. This is used for cleanup or stopping the review process and does not involve untrusted remote sources. - [PROMPT_INJECTION]: The skill is designed to ingest and analyze external code files and pull requests. This behavior creates a surface for indirect prompt injection if the code being reviewed contains instructions intended to manipulate the agent's behavior. The skill instructions do not currently include explicit boundary markers or 'ignore embedded instructions' warnings for the processed data.
- [EXTERNAL_DOWNLOADS]: The skill imports a local template file (
phase-8-review.template.md) from the plugin root. No external network downloads or remote script executions were identified.
Audit Metadata