agent-loops

Pass

Audited by Gen Agent Trust Hub on May 8, 2026

Risk Level: SAFE
Flags: COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill's scripts and operational loops facilitate the execution of multiple external CLI tools, including git, claude, gemini, codex, just, and cortex. These tools are necessary for the development workflow and interaction with AI services.
  • [EXTERNAL_DOWNLOADS]: The skill transmits repository content, including source code and diffs, to external LLM providers (Anthropic, Google, and OpenAI) for the purpose of code review and test auditing. These are recognized well-known services.
  • [PROMPT_INJECTION]: The skill implements a workflow where the agent acts on findings produced by LLMs reviewing project code. This creates an attack surface for indirect prompt injection; malicious instructions or patterns embedded in the code under review could potentially manipulate the reviewer's output or the agent's subsequent remediation actions. The skill attempts to mitigate this through grounded findings verification and structured review prompts.
  • [REMOTE_CODE_EXECUTION]: The specialist-review.sh script invokes an external Python module, claude_ctx_py.review_parser, which is not bundled with the skill. This represents a dependency on an unverifiable external package.
  • [DATA_EXFILTRATION]: The skill accesses environment variables such as ANTHROPIC_API_KEY and CLAUDE_CODE_OAUTH_TOKEN to authenticate the official CLIs used for reviews. This access is limited to the intended functionality of communicating with official LLM providers.
Audit Metadata
Risk Level: SAFE
Analyzed: May 8, 2026, 05:17 PM
Security Audit — agent-trust-hub — agent-loops