agent-loop-autoreview

Pass

Audited by Gen Agent Trust Hub on Jun 25, 2026

Risk Level: SAFEPROMPT_INJECTIONCOMMAND_EXECUTION
Full Analysis
  • [PROMPT_INJECTION]: The skill exhibits an indirect prompt injection surface by processing external data to guide its actions.
  • Ingestion points: Pull request comments and review suggestions are fetched from the GitHub API (SKILL.md).
  • Boundary markers: The skill does not employ delimiters or specific instructions to prevent the agent from obeying instructions embedded within the PR comments.
  • Capability inventory: The skill has extensive capabilities including file system modification, command execution (npm, pytest, ruff), and repository management (git push, gh pr merge).
  • Sanitization: While the skill validates fixes via linting and tests, it lacks sanitization or filtering of the instructions themselves, potentially allowing malicious comments to trigger unauthorized code changes or command execution.
  • [COMMAND_EXECUTION]: The skill makes extensive use of local shell commands to perform its duties, including git for version control, gh for GitHub API interaction, and language-specific tools like npm, npx, ruff, and pytest for validation and testing.
Audit Metadata
Risk Level
SAFE
Analyzed
Jun 25, 2026, 04:44 PM
Security Audit — agent-trust-hub — agent-loop-autoreview