greploop
Pass
Audited by Gen Agent Trust Hub on Apr 16, 2026
Risk Level: SAFE
COMMAND_EXECUTION, DATA_EXFILTRATION, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: Uses standard version control CLI tools such as `git`, `gh`, `glab`, and `p4` to automate the code review lifecycle, including pushing updates and managing review threads.
- [DATA_EXFILTRATION]: Fetches pull request and merge request metadata, descriptions, and comments from established development platforms to extract review scores and feedback.
- [PROMPT_INJECTION]: Ingests external content from code review comments and PR descriptions, creating a surface for indirect prompt injection. Ingestion points: fetches PR/MR comments and descriptions using `gh`, `glab`, and `p4`. Boundary markers: absent; the agent is instructed to understand the comment in context without explicit delimiter enforcement. Capability inventory: includes `git push`, `p4 shelve`, and API calls to resolve threads or update PR metadata. Sanitization: absent; the skill relies on the agent's logic to determine if a comment is actionable.