coding-router
Pass
Audited by Gen Agent Trust Hub on Apr 9, 2026
Risk Level: SAFE, COMMAND_EXECUTION
Full Analysis
- [SAFE]: The skill pack enforces a strict 'Plan-First' behavior model. Non-trivial tasks must pass through a read-only planning phase (scripts/code-plan) and receive an explicit 'APPROVE' response from the user before the implementation agent (coding-agent) is allowed to make any changes.
- [COMMAND_EXECUTION]: The skill uses shell wrappers such as safe-impl.sh and safe-review.sh to interface with developer tools such as OpenAI Codex, Claude Code, and the GitHub CLI. These wrappers include security-focused constraints, such as enforcing minimum timeouts for reviews (600s), preventing commits to protected branches (main/master), and rejecting prompts containing potentially malicious control characters.
- [SAFE]: Tool invocation is routed through sanctioned entry points (e.g., acpx-direct) that normalize execution environments and prevent direct policy bypasses. The skill also includes comprehensive diagnostic utilities (doctor) and smoke tests (smoke-wrappers.sh) to ensure toolchain integrity.
- [SAFE]: Data processing surfaces, such as the automated review-fix loop supervisor, use strict machine-readable contracts (regex-validated footers) to minimize the risk of indirect prompt injection influencing critical execution logic.
Audit Metadata