vibe
Pass
Audited by Gen Agent Trust Hub on Apr 5, 2026
Risk Level: SAFE
Full Analysis
- [COMMAND_EXECUTION]: The skill executes local tools for code analysis, including git, radon, gocyclo, and shellcheck. These are standard development utilities used within their intended scope to analyze the target codebase.
- [REMOTE_CODE_EXECUTION]: No instances of remote code execution or downloads from untrusted sources were found. The skill relies on local environment tools.
- [PROMPT_INJECTION]: The skill instructions contain no patterns designed to bypass safety filters or override agent constraints. The language used is purely instructional for the task of code review.
- [DATA_EXFILTRATION]: The skill reads code files for validation but does not attempt to send data to external or non-whitelisted domains. Network operations are absent from the execution steps.
- [DYNAMIC_EXECUTION]: The prescan script employs Python AST (Abstract Syntax Tree) parsing to calculate metrics like function length and identify unused code. These are safe, deterministic operations used for static analysis.
- [INDIRECT_PROMPT_INJECTION]: The skill inherently processes untrusted data (user code). However, it analyzes this code using parameterized local tools rather than executing the content, and passes it to LLM judges within a structured review framework, which is a standard and expected operation for a code review agent.
Audit Metadata