review-package

Pass

Audited by Gen Agent Trust Hub on Feb 21, 2026

Risk Level: SAFE
Full Analysis
  • [COMMAND_EXECUTION] (SAFE): The skill executes standard system commands (git, find, zip, pbcopy, osascript) to perform its primary function of gathering files and creating a review package. These commands are used as intended and do not target sensitive system files.
  • [EXTERNAL_DOWNLOADS] (SAFE): No external downloads or remote script executions were identified. The shell script used is local to the skill's distribution.
  • [DATA_EXFILTRATION] (SAFE): While the skill bundles project files into a ZIP, it does so within the user's local /tmp directory. It does not send this data to any remote server; the user must manually upload the resulting ZIP to a reviewer.
  • [INDIRECT_PROMPT_INJECTION] (LOW): The skill processes project source code, which could theoretically contain instructions targeting the analyzer agent or the eventual external reviewer. However, the skill uses these files solely as data for bundling and does not execute them or interpolate them into its own system instructions in a way that would bypass safety filters.
  • [PRIVILEGE_ESCALATION] (SAFE): No use of sudo, chmod 777, or other privilege escalation techniques was found.
Audit Metadata
Risk Level: SAFE
Analyzed: Feb 21, 2026, 02:06 PM