code-review
Pass
Audited by Gen Agent Trust Hub on Feb 20, 2026
Risk Level: SAFE
COMMAND_EXECUTION
Full Analysis
- [COMMAND_EXECUTION] (SAFE): The skill executes standard commands such as git, gh, glab, and jq to fetch repository metadata and branch diffs. These are appropriate for the skill's purpose and do not include suspicious flags or elevated privileges.
- [DATA_EXFILTRATION] (SAFE): The skill does not access sensitive credential files or transmit data to unauthorized external domains. Operations are contained within the repository and official API CLI tools.
- [INDIRECT_PROMPT_INJECTION] (SAFE): The skill ingests untrusted data from git logs and pull request descriptions, but doing so is a standard part of the code review process. The skill lacks dangerous execution capabilities that could be exploited via this surface. (Ingestion points: git log, git diff, gh pr view, glab mr view; Boundary markers: Absent; Capability inventory: Read-only repository CLI operations; Sanitization: Absent).
Audit Metadata