review-and-fix

Pass

Audited by Gen Agent Trust Hub on Mar 1, 2026

Risk Level: SAFE
Full Analysis
  • [SAFE]: The skill is a thin orchestrator that automates a standard developer workflow. It chains existing internal skills and performs local quality checks.
  • [COMMAND_EXECUTION]: The skill executes 'pnpm typecheck', 'pnpm lint', and 'pnpm test' as part of its quality gate phase. This is the primary intended function of the skill and is safe for its purpose.
  • [INDIRECT_PROMPT_INJECTION]: The skill processes code and configuration from the current branch. While this represents a theoretical attack surface where a malicious repository could influence the agent via project scripts, the behavior is expected for this use case.
      1. Ingestion points: current branch source code and package.json configuration.
      2. Boundary markers: none.
      3. Capability inventory: execution of local project scripts via pnpm.
      4. Sanitization: none.
Audit Metadata
Risk Level: SAFE
Analyzed: Mar 1, 2026, 02:03 AM