Sub-agent◉ Verified

voltagent-code-reviewer

A Claude-based sub-agent that performs comprehensive code reviews with focus on accessibility testing, WCAG compliance verification, and assistive technology support assessment.

/ 100 · Grade F-D

F-D = below 60 (deductions)

“I need to conduct thorough code reviews that ensure my code meets accessibility standards, follows security best practices, and complies with WCAG guidelines.”

code reviewaccessibilitysecurityquality assurancecompliancedevelopment tools

Publisher: VoltAgentVersion: latestCertified: Mar 28, 2026Expires: Mar 28, 2027Source ↗

voltagent-code-reviewer earned Verified status with a trust score of 64/100 (Grade F-D). Adversarial testing produced 6 findings (6 high). Security scan flagged 0 findings. Tier is Verified rather than Certified due to unmitigated findings above severity thresholds.

Trust Score Breakdown

Eight weighted signals composing the aggregate trust score

security scan

100% × 15w

15.0

supply chain

100% × 10w

10.0

adversarial

0% × 25w

0.0

provenance

80% × 20w

16.0

consumer confirm

100% × 10w

10.0

behavioral pass

100% × 10w

10.0

contract accuracy

33% × 6w

2.0

uptime

100% × 4w

4.0

Scheme v2.0 · Weights provisional · Consumer confirmations and uptime use pipeline-derived baselines.

Findings

Security scan results, adversarial testing, and pipeline review

Security Scan — Cisco Skill Scanner

cisco-skill-scannerFAIL

staticbehavioralllmmeta

critical: 0high: 0medium: 0low: 0

Adversarial Testing — 4 categories, 6 findings

prompt injection chainscapability squattingcontext poisoningdependency confusion

highWarnprompt injection chainsconfirmed

Several skills in this collection read and process user-provided files without establishing clear data boundaries. Skills like accessibility-tester, architect-reviewer, chaos-engineer, and code-reviewer all use tools like Read, Grep, and Glob to process user content, then incorporate that content into their analysis and responses. The instructions lack explicit markers that would prevent instruction-like content in user files from being interpreted as directives to the agent.

highWarnprompt injection chainsconfirmed

Multiple skills (accessibility-tester, ad-security-reviewer, architect-reviewer, chaos-engineer, code-reviewer) declare the Bash tool as a dependency and include instructions that could lead to executing shell commands with user-provided content. While the skills don't explicitly show shell command construction with user input, the combination of Bash tool access and processing user files creates a potential injection surface if user content contains shell metacharacters or command sequences.

highWarncapability squattingconfirmed

The skill declares itself as 'voltagent-code-reviewer' but contains multiple complete agent definitions including accessibility-tester, ad-security-reviewer, architect-reviewer, chaos-engineer, and code-reviewer. This represents a significant volume mismatch where the actual content far exceeds what would be expected from the declared identity.

highWarncontext poisoningconfirmed

Several skills contain 'always' directives that could persist beyond the current task execution. These include broad behavioral rules like 'Always prioritize user needs' and 'Always prioritize safety' that lack explicit scope boundaries to the skill's declared purpose.

highReviewcontext poisoningsuspected

The code-reviewer skill declares expertise across 'multiple programming languages' and claims authority over security vulnerability detection, which extends beyond typical code review scope into security auditing territory. While not explicitly malicious, this broad scope claim could enable privilege escalation if combined with other attack vectors.

highWarndependency confusionconfirmed

The skill contains numerous package installation commands (pip install, npm install, apt-get install, etc.) throughout various agent files that are not declared in the skill's dependencies. This creates a significant attack surface where malicious packages could be installed without user awareness or review.

Methodology v1.0 · 4 categories · ~55 attack patterns

Behavioral Fingerprint

Runtime performance baseline for drift detection

Samples

Error rate

0.0%

Peak memory

— MB

Avg CPU

—%

Response time distribution

p50: 29076msp95: 38039msp99: 38039ms

Output size distribution

p50: 6.1 KBp95: 7.1 KBmean: 6.0 KB

Fingerprint v1.0 · Baseline: Mar 28, 2026 · Status: baseline

Interface

Skill triggers and instruction summary

Activation

This skill activates when comprehensive accessibility testing, WCAG compliance verification, or assessment of assistive technology support is needed.

This skill handles accessibility testing, WCAG compliance verification, screen reader compatibility testing, keyboard navigation validation, and inclusive design assessment.

Instructions: 232Files: 15Format: markdown

Does

Query context manager for application structure and accessibility requirements

Review existing accessibility implementations and compliance status

Analyze user interfaces, content structure, and interaction patterns

Implement solutions ensuring WCAG compliance and inclusive design

Perform automated and manual accessibility testing

Test with screen readers (NVDA, JAWS, VoiceOver, Narrator)

Verify keyboard navigation functionality

Check color contrast ratios and visual accessibility

Validate ARIA implementation and semantic HTML usage

Document accessibility violations and remediation steps

Create accessibility statements and compliance documentation

Does not

Skip critical accessibility violations

Ignore WCAG compliance requirements

Bypass assistive technology testing

Overlook keyboard navigation issues

Neglect cognitive accessibility considerations

Scope & Permissions

What this capability can and cannot access — derived from pipeline analysis

⚠creates files

yes

✓deletes files

⚠modifies files

yes

✓accesses env variables

⚠invokes external tools

yes

✓makes network requests

Known Failure Modes

Documented edge cases and recovery behaviors

when when automated scanning tools are unavailable

then the agent relies on manual testing procedures and documented checklists

when when assistive technology is not accessible for testing

then the agent uses simulation tools and follows established testing protocols

when when WCAG requirements are unclear

then the agent defaults to WCAG 2.1 Level AA compliance standards

Badge & Integration

Embed certification status in your README, docs, or CI pipeline

badge SVG →attestation API →integration guide →

Certification Notes

Provenance observations from the pipeline

publisher

Publisher "VoltAgent" is not verified — first certification from this publisher

provenance

No SECURITY.md or SECURITY.txt file found — no published vulnerability reporting process

provenance

Single contributor — no peer review evidence in commit history

provenance

Repository is 2 days old — recently created

provenance

Package description appears to be boilerplate or template text

Signed Artifact

Certification provenance and verification metadata

Content hashsha256:956e026b2400fa9e607784daa81066609c7dc9446d1cc59c9cfaa04a2481509d

Key IDkms-9db4ed3b9f53

CertifiedMar 28, 2026

ExpiresMar 28, 2027

Pipeline version1.0

Statusvalid

download .cert.json →download annotated file →

Pipeline Artifacts

Raw data files from this certification run — downloadable for independent verification

contract.json

Full unsigned contract

↓

stage1-ingest.json

Ingest stage output

↓

stage2a-sbom.json

SBOM generation results

↓

stage2a-vulns.json

Vulnerability scan results

↓

stage2b-security.json

Security scan results

↓

stage3a-functional.json

Functional test results

↓

stage3b-adversarial.json

Adversarial test results

↓

stage3c-fingerprint.json

Behavioral fingerprint

↓

stage4-certify.json

Certification decision + trust score

↓

stage3a-measurements.json

Raw functional test measurements

↓

stage3b-measurements.json

Raw adversarial test measurements

↓

run-log.json

Pipeline execution log

↓

Not all files may be present for every certification.