code-reviewer

Pass

Audited by Gen Agent Trust Hub on May 19, 2026

Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTIONDATA_EXFILTRATION
Full Analysis
  • [COMMAND_EXECUTION]: The skill facilitates code reviews by invoking local AI CLI binaries (e.g., claude, aider, codex) via spawnSync. This is an intended feature that allows for cross-model verification of local code changes.
  • [PROMPT_INJECTION]: To protect against malicious instructions embedded in reviewed code, the skill implements a 'prompt-shield' in scripts/prompt-shield/compose.mjs which wraps untrusted content in salted XML tags with an anti-injection preamble.
  • [DATA_EXFILTRATION]: While the skill transmits local code/diffs to other local CLIs (which may send data to cloud providers), it implements a 'secret-shield' in scripts/secret-shield/ that scans for and redacts a wide range of sensitive credentials (AWS keys, GitHub tokens, JWTs, private keys) before transmission.
  • [SAFE]: The implementation follows industry security best practices, including:
  • Path Hijacking Prevention: Resolving binaries to absolute paths using locateBinary before execution.
  • Environment Isolation: Using a fail-closed environment allowlist (buildChildEnv) to prevent sensitive environment variable leakage to child processes.
  • Transparency: Providing clear warnings about the visibility of data in the system process list for CLI configurations that do not support stdin.
  • Consent: Requiring explicit user confirmation before executing cross-model or parallel reviews.
Audit Metadata
Risk Level
SAFE
Analyzed
May 19, 2026, 06:27 PM
Security Audit — agent-trust-hub — code-reviewer