Source provenance
Source provenance is broadly covered in current results.
100% (2/2)
Rollout signal scan
Biggest gaps: package integrity. 0 entries have 2+ required gaps.
Source provenance
Source provenance is broadly covered in current results.
100% (2/2)
Metadata review
Metadata review is broadly covered in current results.
100% (2/2)
Safety notes
Safety notes is broadly covered in current results.
100% (2/2)
Privacy notes
Privacy notes is broadly covered in current results.
100% (2/2)
Package integrity
Package integrity is sparse; verify before rollout decisions.
0% (0/2)
Install payload
Install payload is broadly covered in current results.
100% (2/2)
Adoption queue
0/2 visible results are ready for staged adoption under this preset.
No required blockers for this preset.
64/100
Collect package checksum or signed artifact information.
commands/pr-security-review · trust review · confidence 83%
No required blockers for this preset.
64/100
Collect package checksum or signed artifact information.
rules/ai-generated-insecure-deserialization-review-rules · trust review · confidence 83%
Decision confidence
0/2 results are high-confidence for the selected preset.
Address Package integrity before broader rollout.
68/100
commands/pr-security-review · trust review
Address Package integrity before broader rollout.
68/100
rules/ai-generated-insecure-deserialization-review-rules · trust review
Freshness distribution
Median age 17 days; all 2 scanned entries are within 90 days.
Fresh
≤ 30 days
1 entry
Recent
31–90 days
1 entry
Aging
91–180 days
0 entries
Stale
> 180 days
0 entries
Source-backed rules for reviewing AI-generated code that deserializes data before merge for insecure deserialization risk, covering native serialization formats (pickle, PyYAML, Java Serializable) that can execute arbitrary code on untrusted input, safe data-interchange alternatives, and class allowlisting/integrity checks when native formats can't be avoided.
Slash command that reviews a pull request diff for security regressions: authentication and authorization gaps, injection surfaces, secret exposure, unsafe deserialization, and dependency risk introduced by the change.