run-review
Pass
Audited by Gen Agent Trust Hub on May 19, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill is a well-structured orchestration tool for code reviews with no detected malicious behaviors.
- [COMMAND_EXECUTION]: The skill leverages standard development tools like
git,gh(GitHub CLI), andcodexto manage code changes and feedback. These executions are legitimate and strictly bounded by user authorization rules defined in the skill instructions. - [EXTERNAL_DOWNLOADS]: The skill interacts exclusively with GitHub and the Codex service via their respective official command-line interfaces. No unauthorized remote downloads or suspicious code execution via pipes were found.
- [DATA_EXFILTRATION]: No evidence of data exfiltration or credential harvesting was identified. The skill correctly instructs the use of environment variables or official CLI auth states rather than hardcoding secrets.
- [PROMPT_INJECTION]: The skill specifically addresses risks like indirect prompt injection in its developer-facing documentation, demonstrating a defensive design posture aimed at protecting the agent from untrusted diff content.
Audit Metadata