agent-loops

Pass

Audited by Gen Agent Trust Hub on Apr 19, 2026

Risk Level: SAFE
Full Analysis
  • [SAFE]: The skill implements a robust security model for AI-driven development by enforcing the separation of implementation and review roles. This prevents the 'self-grading' anti-pattern and ensures changes are vetted by independent model contexts.
  • [COMMAND_EXECUTION]: The provided bash and python scripts execute legitimate development tools such as git and various LLM command-line interfaces. All executions are scoped to the project environment and serve the skill's primary purpose of code analysis and verification.
  • [DATA_EXFILTRATION]: While the skill reads local source code and sends it to external LLM providers (Anthropic, Google, and OpenAI) for review, this behavior is explicitly documented and necessary for its functionality. These providers are recognized as well-known technology services.
  • [INDIRECT_PROMPT_INJECTION]: The skill processes repository content (code and diffs), which is a standard attack surface for indirect prompt injection. However, the use of structured markdown delimiters in templates and the requirement for reviewers to provide grounded citations (verified by a local script) together mitigate the risk of the agent being misled by malicious instructions embedded in the processed data.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: Apr 19, 2026, 04:28 PM