orchestrate-repair-loop
Pass
Audited by Gen Agent Trust Hub on May 9, 2026
Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill executes shell commands for running automated tests. These commands are dynamically determined based on the repository's configuration files, such as
CLAUDE.mdor.ai-cortex/config.yaml. - [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection due to its core function of processing untrusted codebase data to generate fixes.
- Ingestion points: The skill reads repository source code, git diffs, and local configuration files (e.g.,
CLAUDE.md). - Boundary markers: There are no explicit instructions for the agent to use delimiters or specific safety prompts when ingesting and processing these files.
- Capability inventory: The skill can execute arbitrary shell commands via its testing logic and write modifications to the file system.
- Sanitization: No sanitization or validation of the repository content is specified before it is processed by the AI to determine code fixes.
Audit Metadata