hld-reviewer
Pass
Audited by Gen Agent Trust Hub on Apr 1, 2026
Risk Level: SAFECOMMAND_EXECUTION
Full Analysis
- [COMMAND_EXECUTION]: The skill executes local Python audit scripts (
trace_lint.pyandtrace_build_rtm.py) located in theplugins/testany-eng/directory. These are vendor-owned resources used to automate traceability and consistency checks between design documents and requirements. - [DATA_EXFILTRATION]: While the skill reads sensitive project documentation (HLD/PRD), it does so for the purpose of local analysis and reporting. No evidence was found of instructions to transmit this data to unauthorized external endpoints.
- [PROMPT_INJECTION]: The skill operates on a 'risk-driven' and 'evidence-based' model, explicitly instructing the agent to challenge the design based on documentation rather than overriding safety or system-level constraints.
Audit Metadata