code-review
Pass
Audited by Gen Agent Trust Hub on Apr 12, 2026
Risk Level: SAFE, COMMAND_EXECUTION, EXTERNAL_DOWNLOADS
Full Analysis
- [SAFE]: The skill uses Python scripts to perform local static analysis of codebase quality and security. These scripts scan files for patterns of vulnerabilities (such as secrets or injection risks) and quality issues (such as complexity or code duplication) without executing the code itself.
- [COMMAND_EXECUTION]: The skill invokes standard system utilities (e.g., git, find) and official security audit tools (e.g., npm audit, pip-audit, govulncheck) via subprocess calls. These commands are part of the intended project-auditing functionality and are used in a controlled manner.
- [EXTERNAL_DOWNLOADS]: Dependency audit tools invoked by the skill may reach out to official registries (like npm or PyPI) to check for known vulnerabilities. This is standard and expected behavior for these well-known services.
- [SAFE]: No evidence of data exfiltration, obfuscation, or unauthorized persistent access was found. The skill operates locally on the project data provided by the user.
Audit Metadata