iterative-review
Pass
Audited by Gen Agent Trust Hub on Mar 3, 2026
Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill utilizes system commands to interact with the local Git repository. Specifically, it executes
git diffandgit logto extract context for the review and performs automatedgit commitoperations to apply suggested fixes. This behavior is documented and central to the skill's purpose. - [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it processes untrusted data (source code diffs) and provides it to an LLM subagent without robust sanitization.
- Ingestion points: The output of
git diff(or user-provided context) is interpolated directly into the senior reviewer's prompt in Step 1. - Boundary markers: The code diff is enclosed in markdown triple backticks, but the system framing lacks a specific directive for the subagent to ignore instructions or payload markers contained within the code itself.
- Capability inventory: The agent can read repository history, write files, and execute commits to modify the codebase.
- Sanitization: There is no evidence of sanitization, escaping, or filtering applied to the diff content before it is processed by the subagent.
Audit Metadata