Skills
skills/ilamanov/skills/review-loop/Gen Agent Trust Hub

review-loop

Pass

Audited by Gen Agent Trust Hub on Apr 17, 2026

Risk Level: SAFEPROMPT_INJECTIONCOMMAND_EXECUTION
Full Analysis
  • [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection as it processes untrusted data from external sources.
  • Ingestion points: The skill fetches PR comments, review bodies, and issue comments using the GitHub API (gh api) in SKILL.md (lines 192-215).
  • Boundary markers: No delimiters or instructions are used to distinguish reviewer feedback from the agent's primary instructions.
  • Capability inventory: The skill has the capability to modify local files, commit changes, and push to remote repositories (git commit, git push) based on the ingested content (lines 236-243).
  • Sanitization: There is no evidence of sanitization or validation of the code suggestions extracted from PR comments before they are applied to the source code.
  • [COMMAND_EXECUTION]: The skill utilizes dynamic context injection using the ! syntax to gather repository information at load time in SKILL.md (lines 35-38). These commands (git branch, git status, gh pr view, git log) are standard for developer workflows and are used for context gathering rather than executing arbitrary user input.
Audit Metadata
Risk Level
SAFE
Analyzed
Apr 17, 2026, 05:08 PM