autoreview
Pass
Audited by Gen Agent Trust Hub on Jul 14, 2026
Risk Level: SAFECOMMAND_EXECUTIONDATA_EXFILTRATIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The
scripts/autoreview_test.pyandscripts/test-review-harness.pyscripts utilizesubprocess.runto execute Git commands and invoke the review engine CLI. This execution is necessary for the tool's core functionality of auditing source code and managing repository fixtures within a testing environment.\n- [DATA_EXFILTRATION]: The skill transmits code diffs and project metadata to external AI review services (Codex, Claude, Pi). This is documented as the primary function of the tool. Security controls described inSKILL.mdensure that sensitive files (e.g.,.env, SSH keys) and secret-like patterns are stripped from bundles before transmission, and that the review engines operate in isolated workspaces.\n- [PROMPT_INJECTION]: As a code review tool, it processes untrusted patch data which presents an indirect prompt injection surface. The skill manages this risk through a mandatory evidence chain: Ingestion points include git patches,--prompt-filecontent, and--datasetvalues; Boundary markers include the use of "injection-safe source-line records" and "validated bundles"; Capability inventory includes shell access for Git and engine CLIs; Sanitization includes the automated stripping of credentials, triggering failures on sensitive file paths, and employing engine-level isolation such as Claude's--safe-modeand Codex's--ignore-user-configas detailed inSKILL.md.
Audit Metadata