pma-cr
Pass
Audited by Gen Agent Trust Hub on May 11, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill implements a robust and secure workflow for reviewing code changes, utilizing standard command-line tools (git, gh) within their intended scope for developer productivity.
- [SAFE]: The reference packs for Go, Python, Rust, and TypeScript provide high-quality security guidance, explicitly instructing the agent to look for and report security risks like unsafe deserialization (pickle, yaml.load), command injection, and improper input validation.
- [SAFE]: All external documentation links point to trusted organizations and well-known services, including OWASP, Google Engineering Practices, and official language documentation, to provide authoritative guidance for code quality and security.
- [SAFE]: The skill instructions emphasize reporting high-confidence issues and avoiding noise, ensuring that the agent remains focused on legitimate security and correctness problems.
Audit Metadata