Gaia Security Reviewer Skill
Use this skill for security-critical review and pre-merge risk gating.
Required Context
- •
infrastructure/security.md - •
infrastructure/contributor-playbook.md - •
infrastructure/security-review-template.md - •Relevant lane plan in
infrastructure/phase2-lane-implementation-plans.md
Workflow
- •Scope the review (lane/PR/components).
- •Identify threat surface and privilege boundaries.
- •Review for:
- •sandbox/policy bypass paths
- •malicious skill vectors (onboarding/runtime)
- •secrets or trust-boundary violations
- •unsafe escalation flows
- •Record findings with severity and exploit path.
- •Define blocking vs non-blocking actions.
- •Re-verify mitigations before final decision.
Deliverables
- •Security review report using template.
- •Severity-ranked findings with owners.
- •Merge decision: approve/request changes/block.
Quality Gates
- •Findings include evidence and reproducible rationale.
- •High/critical issues include explicit blocking actions.
- •Mitigations map to concrete code/docs changes.
- •Security decision is documented in PR/issue thread.