review-fix-signoff-loop
Pass
Audited by Gen Agent Trust Hub on Jun 24, 2026
Risk Level: SAFEPROMPT_INJECTIONCOMMAND_EXECUTION
Full Analysis
- [PROMPT_INJECTION]: Indirect Prompt Injection Surface. The skill defines a workflow where agents process data from external sources, such as pull request descriptions and validation command outputs, which could contain instructions designed to influence agent behavior.
- Ingestion points: pull request data (via
gh pr view), repository file content, and validation/CI logs. - Boundary markers: The skill employs structured contracts (Verdict Contract and Scope Matrix) to organize data, which helps provide context but does not explicitly sanitize inputs against embedded instructions.
- Capability inventory: The agents have the ability to execute code via
codex, perform repository operations viagit, and interact with GitHub via theghCLI. - Sanitization: There is no evidence of input filtering or escaping for data retrieved from external sources.
- [COMMAND_EXECUTION]: The skill instructions involve the use of various command-line utilities to manage the development lifecycle.
- Evidence: Usage of
git status,npm view, andnpm lsfor reconciliation and verification. - GitHub CLI: Usage of
gh pr viewandgh pr commentto interact with remote repositories. - Vendor Tools: Execution of
codex execfor code modification and implementation tasks.
Audit Metadata