autoreview

Pass

Audited by Gen Agent Trust Hub on Jul 14, 2026

Risk Level: SAFECOMMAND_EXECUTIONDATA_EXFILTRATIONPROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The scripts/autoreview_test.py and scripts/test-review-harness.py scripts utilize subprocess.run to execute Git commands and invoke the review engine CLI. This execution is necessary for the tool's core functionality of auditing source code and managing repository fixtures within a testing environment.\n- [DATA_EXFILTRATION]: The skill transmits code diffs and project metadata to external AI review services (Codex, Claude, Pi). This is documented as the primary function of the tool. Security controls described in SKILL.md ensure that sensitive files (e.g., .env, SSH keys) and secret-like patterns are stripped from bundles before transmission, and that the review engines operate in isolated workspaces.\n- [PROMPT_INJECTION]: As a code review tool, it processes untrusted patch data which presents an indirect prompt injection surface. The skill manages this risk through a mandatory evidence chain: Ingestion points include git patches, --prompt-file content, and --dataset values; Boundary markers include the use of "injection-safe source-line records" and "validated bundles"; Capability inventory includes shell access for Git and engine CLIs; Sanitization includes the automated stripping of credentials, triggering failures on sensitive file paths, and employing engine-level isolation such as Claude's --safe-mode and Codex's --ignore-user-config as detailed in SKILL.md.
Audit Metadata
Risk Level
SAFE
Analyzed
Jul 14, 2026, 12:12 AM
Security Audit — agent-trust-hub — autoreview