Workflow Config System
Pass
Audited by Gen Agent Trust Hub on Mar 10, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill primarily serves as a configuration schema and documentation for development workflows and does not include executable code or suspicious payloads.
- [COMMAND_EXECUTION]: The skill manages Git hooks (pre-commit, pre-push, post-merge) that execute local development tools such as linters, formatters, and test runners.
- [EXTERNAL_DOWNLOADS]: The configuration supports automated package installation (e.g., npm install) as a post-merge action, which fetches dependencies from official registries.
- [PROMPT_INJECTION]: The 'auto_review' feature processes project source code via an LLM, which represents an indirect prompt injection surface. This is a common characteristic of automated code review tools and is mitigated by project-specific review settings.