ts-review
Pass
Audited by Gen Agent Trust Hub on Jun 29, 2026
Risk Level: SAFE
Full Analysis
- [DATA_EXFILTRATION]: The skill reads local source code and incorporates it into prompts for external model providers. This potential data exposure is mitigated by a mandatory secret redaction protocol defined in
shared.md, which requires agents to remove secrets, tokens, and credentials before they are included in the review context. - [COMMAND_EXECUTION]: The skill utilizes a 'test runner' to verify code behavior, which is a standard functional requirement for automated testing reviews. This capability is used strictly for validating regression signals and behavior as part of the user-initiated review process.
- [PROMPT_INJECTION]: The skill processes untrusted code, creating a surface for indirect prompt injection. (1) Ingestion points: Local files scoped in
SKILL.md. (2) Boundary markers: None. (3) Capability inventory: File reading, writing, and test execution. (4) Sanitization: Mandatory redaction of sensitive values. The risk is mitigated by 'Non-deference' and 'Adversarial' instructions inSKILL.mdandshared.mdthat explicitly direct the agent to treat reviewed code as data rather than authoritative instructions, reducing the likelihood of the agent obeying embedded malicious prompts.
Audit Metadata