review-automation-orchestrator
Pass
Audited by Gen Agent Trust Hub on May 18, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill serves as a legitimate workflow manager for repository maintenance. Its instructions focus on task dispatching and result normalization across internal tools like
api-contract-reviewandskill-authoring.- [PROMPT_INJECTION]: The content does not contain any instructions intended to bypass safety guardrails, override system prompts, or extract internal configuration. The 'Minimum self-check' and 'Workflow' sections are standard operational guidelines.- [DATA_EXFILTRATION]: There are no network operations, hardcoded credentials, or access to sensitive local files (e.g., .ssh, .env) outside of the repository's own configuration files related to the vendor's context.- [REMOTE_CODE_EXECUTION]: The skill does not perform external downloads or execute untrusted scripts. References to other skills (e.g.,codebase-audit) represent internal tool identifiers within the agent's environment.- [COMMAND_EXECUTION]: While the skill can generate pull requests, this behavior is a primary, explicitly stated function for repository maintenance and is gated by heuristics (confidence/impact) described inreferences/escalation-matrix.md.
Audit Metadata