code-reviewer
Pass
Audited by Gen Agent Trust Hub on May 19, 2026
Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTIONDATA_EXFILTRATION
Full Analysis
- [COMMAND_EXECUTION]: The skill facilitates code reviews by invoking local AI CLI binaries (e.g.,
claude,aider,codex) viaspawnSync. This is an intended feature that allows for cross-model verification of local code changes. - [PROMPT_INJECTION]: To protect against malicious instructions embedded in reviewed code, the skill implements a 'prompt-shield' in
scripts/prompt-shield/compose.mjswhich wraps untrusted content in salted XML tags with an anti-injection preamble. - [DATA_EXFILTRATION]: While the skill transmits local code/diffs to other local CLIs (which may send data to cloud providers), it implements a 'secret-shield' in
scripts/secret-shield/that scans for and redacts a wide range of sensitive credentials (AWS keys, GitHub tokens, JWTs, private keys) before transmission. - [SAFE]: The implementation follows industry security best practices, including:
- Path Hijacking Prevention: Resolving binaries to absolute paths using
locateBinarybefore execution. - Environment Isolation: Using a fail-closed environment allowlist (
buildChildEnv) to prevent sensitive environment variable leakage to child processes. - Transparency: Providing clear warnings about the visibility of data in the system process list for CLI configurations that do not support stdin.
- Consent: Requiring explicit user confirmation before executing cross-model or parallel reviews.
Audit Metadata