code-review-playbook
Pass
Audited by Gen Agent Trust Hub on Feb 25, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill provides structured documentation and scripts intended for code review workflows. All scripts (fetch-pr-data.sh, run-lint-check.sh, run-pr-checks.py) perform legitimate analysis using verified CLI tools.
- [COMMAND_EXECUTION]: The skill utilizes command-line tools such as gh (GitHub CLI), ruff, eslint, and biome for PR data retrieval and static code analysis. These executions are confined to the primary functionality of code auditing.
- [EXTERNAL_DOWNLOADS]: Dependencies and external references are limited to well-known technology services and official package registries (NPM, PyPI), which are treated as safe sources.
- [PROMPT_INJECTION]: Instructions within the skill and its scripts are focused on guiding the AI agent to provide constructive and secure feedback, with no evidence of bypass or override attempts.
Audit Metadata