review-code
Pass
Audited by Gen Agent Trust Hub on May 13, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill is designed for local code auditing and does not exhibit any malicious patterns. It adheres to the principle of least privilege by performing read-only operations on the git repository and writing only to a specific local directory structure.
- [COMMAND_EXECUTION]: The skill utilizes local `git` commands (e.g., `git show`, `git cat-file`, `git status`) to inspect repository history. These commands are used solely for retrieving diffs and verifying the existence of commits cited in implementation reports.
- [DATA_EXFILTRATION]: There are no network-capable commands or external URL references in the skill. All data processing and report generation occur within the local environment.
- [CREDENTIALS_UNSAFE]: The skill contains no hardcoded credentials or secrets. It explicitly includes instructions in its checklist to identify and flag any secrets, tokens, or credentials found in the code changes under review.
- [PROMPT_INJECTION]: The instructions are highly structured and focused on validation logic. There are no attempts to override agent safety guidelines or manipulate the underlying model's behavior.
- [REMOTE_CODE_EXECUTION]: The skill does not download, install, or execute external packages or scripts. It relies on standard local development tools.
Audit Metadata