code-review
Pass
Audited by Gen Agent Trust Hub on Apr 10, 2026
Risk Level: SAFE
Full Analysis
- [COMMAND_EXECUTION]: The skill utilizes the Bash tool to perform routine development tasks such as identifying changed files via git, reading source code for analysis, and executing build or test commands (e.g., `make test`, `npm run lint`). These operations are consistent with the skill's stated purpose of reviewing and improving code.
- [EXTERNAL_DOWNLOADS]: Instructions include the installation and use of the `@openai/codex` package via npm. This package is from a well-known organization and is used as the primary engine for the code review process. No suspicious or unverified third-party dependencies were found.
- [DATA_EXFILTRATION]: While the skill reads local source code files, it does so to provide context to the review engine. There are no patterns suggesting the exfiltration of sensitive data, such as credentials or private keys, to unauthorized external domains.
- [PROMPT_INJECTION]: The skill's instructions and reference materials focus on providing structured guidance for code quality and do not contain any patterns intended to bypass safety filters or override agent behavior.
- [DATA_RELIABILITY]: The skill implements an 'Auto-Fix' workflow that explicitly includes a user confirmation step before any modifications are applied to the codebase. This human-in-the-loop approach mitigates risks associated with processing untrusted data during the review process.
Audit Metadata