vibe-review
Pass
Audited by Gen Agent Trust Hub on Mar 10, 2026
Risk Level: SAFE
Categories: COMMAND_EXECUTION, PROMPT_INJECTION, DATA_EXFILTRATION
Full Analysis
- [COMMAND_EXECUTION]: The skill uses the Bash tool to execute a restricted set of git commands (diff, log, show, remote) and basic utilities (pwd, wc) to identify the environment and analyze code changes.
- [PROMPT_INJECTION]: The skill processes untrusted code from external sources (files and pull requests), which presents an inherent surface for indirect prompt injection. This is expected behavior for a code review tool.
- [DATA_EXFILTRATION]: Repository metadata, including the remote origin URL and local file paths, is accessed to determine the project type and load the correct reference standards. No unauthorized data transmission or external network activity was found.
Audit Metadata