iterative-review-omo
Pass
Audited by Gen Agent Trust Hub on Mar 6, 2026
Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill uses
git diffandgit logto extract contextual information from the local repository for processing by automated agents. - [PROMPT_INJECTION]: The skill includes 'Agent Discipline' instructions that command the agent to override its default instincts and strictly restricts its operational behavior, which can be used as a pattern for bypassing standard agent safety or operational guardrails.
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it ingests untrusted codebase data and uses it to drive automated file modifications.
- Ingestion points: Code diffs and commit logs are gathered from the local filesystem in Step 0 and Step 1.
- Boundary markers: Diff data is wrapped in markdown code blocks when passed to the sub-agent, but the skill lacks specific instructions to ignore any embedded directives within that data.
- Capability inventory: The skill utilizes 'edit tools' and the
hephaestussub-agent to perform refactoring and bug fixes on the local codebase based on LLM output. - Sanitization: There is no evidence of sanitization or safety filtering applied to the git output before it is processed by the reviewing agent.
Audit Metadata