review-fix-loop
Pass
Audited by Gen Agent Trust Hub on May 12, 2026
Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill uses shell commands to interact with a code review tool and process results through a local script.\n
- It utilizes
mktempto create isolated temporary files for stdout, stderr, and results, which avoids static path vulnerabilities and local data leakage.\n - The commands are focused solely on developer workflows and do not involve untrusted network sources or elevated privileges.\n- [PROMPT_INJECTION]: The skill possesses an indirect prompt injection surface as it ingests and processes findings from an external review tool.\n
- Ingestion points: The agent reads and triages results generated by the
codex exec reviewcommand as described in SKILL.md.\n - Boundary markers: Findings are not wrapped in security delimiters, though the skill provides explicit triage logic (e.g., 'fix now' vs 'skip for now') to guide the agent.\n
- Capability inventory: The agent is tasked with modifying files in the repository based on the external tool's suggestions (SKILL.md).\n
- Sanitization: No sanitization of the tool's output is performed before it is processed by the agent.
Audit Metadata