agent-loop-autoreview
Pass
Audited by Gen Agent Trust Hub on Jun 25, 2026
Risk Level: SAFEPROMPT_INJECTIONCOMMAND_EXECUTION
Full Analysis
- [PROMPT_INJECTION]: The skill exhibits an indirect prompt injection surface by processing external data to guide its actions.
- Ingestion points: Pull request comments and review suggestions are fetched from the GitHub API (SKILL.md).
- Boundary markers: The skill does not employ delimiters or specific instructions to prevent the agent from obeying instructions embedded within the PR comments.
- Capability inventory: The skill has extensive capabilities including file system modification, command execution (
npm,pytest,ruff), and repository management (git push,gh pr merge). - Sanitization: While the skill validates fixes via linting and tests, it lacks sanitization or filtering of the instructions themselves, potentially allowing malicious comments to trigger unauthorized code changes or command execution.
- [COMMAND_EXECUTION]: The skill makes extensive use of local shell commands to perform its duties, including
gitfor version control,ghfor GitHub API interaction, and language-specific tools likenpm,npx,ruff, andpytestfor validation and testing.
Audit Metadata