code-review
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE
Full Analysis
- [COMMAND_EXECUTION] (SAFE): The skill provides grep commands for static analysis of local source files to detect incorrect binding access patterns. These operations are local and do not involve unauthorized execution.
- [CREDENTIALS_UNSAFE] (SAFE): The documentation explicitly warns against hardcoding secrets like API keys and tokens, directing users to use managed secrets via 'wrangler secret put'.
- [DATA_EXFILTRATION] (SAFE): No exfiltration patterns were identified. The guidelines focus on identifying logic flaws and ensuring platform-correctness within the Cloudflare environment.
- [REMOTE_CODE_EXECUTION] (SAFE): The mention of 'npx oxlint' is a recommendation for running local linting tools within projects that already support them, and does not involve downloading or executing untrusted scripts from the internet.