review-loop
Pass
Audited by Gen Agent Trust Hub on Apr 11, 2026
Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill processes external project files and reviewer feedback to drive automated file modifications and commits, creating a potential vector for indirect prompt injection.
- Ingestion points: Reads project files (plans/work) and findings generated by other agents (reviewers).
- Boundary markers: No explicit delimiters or instruction-isolation markers are used when processing the target work or reviewer findings.
- Capability inventory: Performs file system writes (fixes), executes git commit commands, and creates issues using the gh CLI.
- Sanitization: Content from findings is used in commit messages and issue titles without evident sanitization or validation.
- [COMMAND_EXECUTION]: The skill executes git and gh (GitHub CLI) commands to manage code changes and track findings. These operations are core to the skill's purpose and use well-known development tools for standard workflows.
Audit Metadata