review-automation-orchestrator

Pass

Audited by Gen Agent Trust Hub on May 18, 2026

Risk Level: SAFE
Full Analysis
  • [SAFE]: The skill serves as a legitimate workflow manager for repository maintenance. Its instructions focus on task dispatching and result normalization across internal tools like api-contract-review and skill-authoring.- [PROMPT_INJECTION]: The content does not contain any instructions intended to bypass safety guardrails, override system prompts, or extract internal configuration. The 'Minimum self-check' and 'Workflow' sections are standard operational guidelines.- [DATA_EXFILTRATION]: There are no network operations, hardcoded credentials, or access to sensitive local files (e.g., .ssh, .env) outside of the repository's own configuration files related to the vendor's context.- [REMOTE_CODE_EXECUTION]: The skill does not perform external downloads or execute untrusted scripts. References to other skills (e.g., codebase-audit) represent internal tool identifiers within the agent's environment.- [COMMAND_EXECUTION]: While the skill can generate pull requests, this behavior is a primary, explicitly stated function for repository maintenance and is gated by heuristics (confidence/impact) described in references/escalation-matrix.md.
Audit Metadata
Risk Level
SAFE
Analyzed
May 18, 2026, 04:57 PM
Security Audit — agent-trust-hub — review-automation-orchestrator