peer-review
Pass
Audited by Gen Agent Trust Hub on Mar 27, 2026
Risk Level: SAFE
COMMAND_EXECUTION
Full Analysis
- [COMMAND_EXECUTION]: The skill executes various shell commands using the Bash tool, including `git` (for diffing and logging), `gh` (to fetch PR metadata), and `codex` (to perform the external AI review). These are standard operations for a developer-oriented code review tool.
- [DATA_EXFILTRATION]: The skill transmits source code diffs to an external service via the `codex` CLI. This is the primary intended function of the skill (providing an external peer review) and uses a well-known developer tool.
- [INDIRECT_PROMPT_INJECTION]: The skill processes untrusted data in the form of code diffs and repository history. It provides structured instructions to the external reviewer and includes a manual triage step ('Iron Rule: Do not blindly trust Codex findings') to mitigate risks from inaccurate or malicious model outputs.
Audit Metadata