review-fix-signoff-loop

Pass

Audited by Gen Agent Trust Hub on Jun 24, 2026

Risk Level: SAFEPROMPT_INJECTIONCOMMAND_EXECUTION
Full Analysis
  • [PROMPT_INJECTION]: Indirect Prompt Injection Surface. The skill defines a workflow where agents process data from external sources, such as pull request descriptions and validation command outputs, which could contain instructions designed to influence agent behavior.
  • Ingestion points: pull request data (via gh pr view), repository file content, and validation/CI logs.
  • Boundary markers: The skill employs structured contracts (Verdict Contract and Scope Matrix) to organize data, which helps provide context but does not explicitly sanitize inputs against embedded instructions.
  • Capability inventory: The agents have the ability to execute code via codex, perform repository operations via git, and interact with GitHub via the gh CLI.
  • Sanitization: There is no evidence of input filtering or escaping for data retrieved from external sources.
  • [COMMAND_EXECUTION]: The skill instructions involve the use of various command-line utilities to manage the development lifecycle.
  • Evidence: Usage of git status, npm view, and npm ls for reconciliation and verification.
  • GitHub CLI: Usage of gh pr view and gh pr comment to interact with remote repositories.
  • Vendor Tools: Execution of codex exec for code modification and implementation tasks.
Audit Metadata
Risk Level
SAFE
Analyzed
Jun 24, 2026, 06:13 PM
Security Audit — agent-trust-hub — review-fix-signoff-loop