peer-review-loop
Pass
Audited by Gen Agent Trust Hub on Apr 9, 2026
Risk Level: SAFE
COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill executes local shell scripts scripts/codex-review.sh and scripts/setup-build.sh to manage the Ralph Loop lifecycle and review iterations.
- [COMMAND_EXECUTION]: It invokes the codex command-line utility for performing automated peer reviews.
- [EXTERNAL_DOWNLOADS]: The skill relies on the @openai/codex package from the public NPM registry, which is a well-known service from a trusted provider.
- [PROMPT_INJECTION]: The skill possesses an Indirect Prompt Injection surface through the processing of external data.
  * Ingestion points: Reads project source code and Cavekit definition files from the context/kits/ directory.
  * Boundary markers: There is an absence of explicit delimiters or instructions to ignore embedded commands when these files are interpolated into the builder and reviewer prompts.
  * Capability inventory: The skill has the capability to execute shell scripts and modify the persistent .mcp.json configuration file based on the loop's output.
  * Sanitization: No sanitization or validation logic is described for the data ingested from files or the findings generated by the peer reviewer before they are processed.
Audit Metadata