review
Pass
Audited by Gen Agent Trust Hub on May 8, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill is configured with `disable-model-invocation: true`, a security best practice that prevents the assistant from using this skill to trigger other tools or skills, limiting the potential impact of adversarial content encountered during a review.
- [SAFE]: Tool access is appropriately scoped to local file reading (`Read`, `Grep`, `Glob`) and specific, non-destructive git commands (`git diff`, `git log`, `git show`). This adheres to the principle of least privilege.
- [SAFE]: The skill operates entirely on local repository data and does not include any network operations, remote code downloads, or credential-handling logic.
- [SAFE]: Analysis of data ingestion (Category 8 surface): The skill ingests untrusted code via git diffs and file reads (SKILL.md). While this represents a surface for indirect prompt injection, the risk is mitigated by the restricted toolset and the explicit disabling of model invocation, which prevents the agent from being coerced into performing unauthorized actions based on the code it reviews.