run-repair-loop
Pass
Audited by Gen Agent Trust Hub on Mar 12, 2026
Risk Level: SAFE
COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill executes repository-specific test suites via a shell. This involves running code from the target repository, which is a necessary part of the 'repair loop' functionality. This risk is mitigated by pre-flight checks and hard boundaries defined in SKILL.md that prevent the use of network or container services without explicit user consent.
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it processes untrusted data from the target repository (code, comments, and documentation) to identify issues and generate fixes.
  - Ingestion points: Files within the target repository path (referenced in SKILL.md inputs).
  - Boundary markers: No explicit delimiters or instructions are defined to help the agent distinguish between repository content and operational instructions during the review phase.
  - Capability inventory: The skill has the ability to modify local files and execute shell commands (SKILL.md).
  - Sanitization: No evidence of sanitization or filtering of the repository content is mentioned before it is passed to the review sub-skills.