gerrit-review

Pass

Audited by Gen Agent Trust Hub on Mar 5, 2026

Risk Level: SAFE
Full Analysis
  • [SAFE]: The skill operates as a legitimate developer tool for Gerrit Code Review. It reads its sensitive configuration (server URL, username and HTTP token) from environment variables rather than hard-coding it, and its documentation explains how to set them securely.
  • [COMMAND_EXECUTION]: The helper script scripts/gerrit_api.sh uses standard system utilities: curl for HTTP requests, jq for JSON processing and base64 for decoding file contents fetched from the API. These invocations are confined to the skill's intended functionality.
  • [EXTERNAL_DOWNLOADS]: All network activity is directed at the Gerrit instance the user configures. The skill fetches change metadata, diff information and file contents from that endpoint as part of its core feature set.
  • [DATA_EXFILTRATION]: The skill sends the configured credentials to the user-provided Gerrit server URL using HTTP Basic Authentication, the standard authentication method for the Gerrit REST API. Basic Authentication only base64-encodes the token rather than encrypting it, so the configured URL should use HTTPS. The documentation and code comments explicitly warn against logging or printing these credentials.
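The three mechanisms the findings above describe (an authenticated curl fetch, Gerrit JSON handling before jq, base64 decoding of file content) are easy to get subtly wrong. The following is an added example written for this page, not the skill's own scripts/gerrit_api.sh: it shows how such a script can pass the token to curl without exposing it on the command line, strip the XSSI guard line that Gerrit puts in front of every JSON response, and decode file content. The environment variable names GERRIT_URL, GERRIT_USER and GERRIT_HTTP_TOKEN and the function names are this example's own assumptions; the sample responses are constructed, so the block runs offline.

```shell
#!/bin/sh
# Added example, not the skill's scripts/gerrit_api.sh. Assumed environment
# (names are ours, chosen to match the audit's description):
#   GERRIT_URL, GERRIT_USER, GERRIT_HTTP_TOKEN

# Never `set -x` in a script that handles the token: xtrace would print it.
set -u

# Gerrit starts every JSON REST response with the line  )]}'  as an XSSI
# guard. jq cannot parse it, so drop that first line (and only that line).
gerrit_strip_xssi() {
    awk 'NR == 1 && $0 == ")]}\047" { next } { print }'
}

# The .../files/<path>/content endpoint returns the file as base64 text,
# possibly wrapped across lines. Join the lines and decode to raw bytes.
gerrit_decode_content() {
    tr -d '\n' | base64 -d
}

# Authenticated REST endpoints live under the /a/ prefix.
gerrit_auth_url() {
    # $1 = REST path beginning with "/", e.g. /changes/12345/detail
    printf '%s/a%s' "${GERRIT_URL%/}" "$1"
}

# Authenticated GET. The credentials reach curl as a config file on stdin
# (--config -), so the token never appears on the command line, in `ps`, or
# in shell history; nothing here echoes GERRIT_HTTP_TOKEN to stdout/stderr.
gerrit_get() {
    printf 'user = "%s:%s"\n' "$GERRIT_USER" "$GERRIT_HTTP_TOKEN" |
        curl --silent --show-error --fail --config - "$(gerrit_auth_url "$1")"
}

# Usage against a real server (not run here):
#   gerrit_get /changes/12345/detail | gerrit_strip_xssi | jq -r .subject
#   gerrit_get /changes/12345/revisions/current/files/README.md/content \
#       | gerrit_decode_content

# Constructed sample JSON response, shaped like a Gerrit change query reply.
SAMPLE_CHANGE_JSON=")]}'
{\"_number\":12345,\"subject\":\"Fix off-by-one in parser\"}"

# Constructed sample file-content body: base64 of "hello gerrit\n", wrapped.
SAMPLE_FILE_B64="aGVsbG8g
Z2Vycml0Cg=="
```

The `--config -` trick is the point of `gerrit_get`: `curl -u "$GERRIT_USER:$GERRIT_HTTP_TOKEN"` would make the token visible to every local user via the process list for the lifetime of the request. The XSSI-guard stripping is the other common pitfall; a script that pipes the raw body into jq fails on every JSON endpoint.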
Audit Metadata
Risk Level: SAFE
Analyzed: Mar 5, 2026, 11:46 AM