orchestrate-repair-loop
Pass
Audited by Gen Agent Trust Hub on May 17, 2026
Risk Level: SAFECOMMAND_EXECUTION
Full Analysis
- [COMMAND_EXECUTION]: The skill is primarily designed to execute shell commands for running automated tests and applying code patches. These actions are performed within the scope of the target repository and are subject to a pre-flight confirmation where the user specifies allowed operations.- [INDIRECT_PROMPT_INJECTION]: The skill ingests configuration data and test commands from files within the analyzed repository, such as CLAUDE.md and .ai-cortex/config.yaml. This creates a surface where malicious instructions could be placed in the codebase to influence the agent's behavior.
- Ingestion points: Repository configuration files (CLAUDE.md, .ai-cortex/config.yaml) and source code files.
- Boundary markers: Absent; the skill relies on these files for execution parameters without additional validation.
- Capability inventory: Shell command execution (via test runners) and file system modification (via patching).
- Sanitization: The skill does not describe explicit sanitization of the contents retrieved from project configuration files.
Audit Metadata