skills/tstelzer/skills/ts-review/Gen Agent Trust Hub

ts-review

Pass

Audited by Gen Agent Trust Hub on Jun 29, 2026

Risk Level: SAFE
Full Analysis
  • [DATA_EXFILTRATION]: The skill reads local source code and incorporates it into prompts for external model providers. This potential data exposure is mitigated by a mandatory secret redaction protocol defined in shared.md, which requires agents to remove secrets, tokens, and credentials before they are included in the review context.
  • [COMMAND_EXECUTION]: The skill utilizes a 'test runner' to verify code behavior, which is a standard functional requirement for automated testing reviews. This capability is used strictly for validating regression signals and behavior as part of the user-initiated review process.
  • [PROMPT_INJECTION]: The skill processes untrusted code, creating a surface for indirect prompt injection. (1) Ingestion points: Local files scoped in SKILL.md. (2) Boundary markers: None. (3) Capability inventory: File reading, writing, and test execution. (4) Sanitization: Mandatory redaction of sensitive values. The risk is mitigated by 'Non-deference' and 'Adversarial' instructions in SKILL.md and shared.md that explicitly direct the agent to treat reviewed code as data rather than authoritative instructions, reducing the likelihood of the agent obeying embedded malicious prompts.
Audit Metadata
Risk Level
SAFE
Analyzed
Jun 29, 2026, 08:37 AM
Security Audit — agent-trust-hub — ts-review