auto-review-loop-llm
Pass
Audited by Gen Agent Trust Hub on Apr 13, 2026
Risk Level: SAFE
COMMAND_EXECUTION, DATA_EXFILTRATION, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill instructs the agent to use Bash for file writing operations (cat << 'EOF' > file) as a reliability workaround for large files. It explicitly commands the agent to perform these actions "silently" and without seeking user permission, which reduces human oversight of shell-level operations.
- [PROMPT_INJECTION]: The skill establishes an indirect prompt injection surface by parsing "Action items" from external LLM responses and using them to drive the "Implement Fixes" phase.
- Ingestion points: External LLM assessment output parsed in Phase A/B.
- Boundary markers: Absent; the skill does not use delimiters or instructions to ignore embedded instructions within the assessment data.
- Capability inventory: The skill utilizes Edit, Write, and Bash tools to modify the local environment based on external input.
- Sanitization: Absent; action items from the external reviewer are implemented without validation or escaping.
- [DATA_EXFILTRATION]: To perform its intended function, the skill transmits project context (claims, methods, results, and weaknesses) to an external API endpoint. While this is necessary for the task, it exposes sensitive research data and the user's LLM_API_KEY to the configured provider.
Audit Metadata