security-review
Pass
Audited by Gen Agent Trust Hub on Mar 10, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill is a purpose-built security auditing tool that operates within the expected scope of repository analysis.
- [COMMAND_EXECUTION]: Uses git commands (status, diff, log, show, remote show) to analyze code changes. These tools are appropriate for the skill's primary function of reviewing PRs and branch history.
- [EXTERNAL_DOWNLOADS]: The skill is attributed to the official @anthropic-ai/claude-code package, which is a well-known and trusted source. No unauthorized or risky external dependencies were identified.
- [PROMPT_INJECTION]: The skill ingests untrusted code diffs, which is a surface for indirect prompt injection. Ingestion occurs via git commands (diff, log, show) and uses markdown blocks as boundaries. Capabilities are restricted to repository analysis tools, and the skill includes internal filtering and specific security engineering guidelines to mitigate risks associated with untrusted content.
Audit Metadata