claude-review-loop

Pass

Audited by Gen Agent Trust Hub on Jul 7, 2026

Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill executes local development tools including the claude CLI, npm run lint, and npm run test. These are standard commands for a code-focused agent to perform its intended task of reviewing and verifying code changes.
  • [INDIRECT_PROMPT_INJECTION]: The skill identifies a potential attack surface by ingesting external data from git diffs which may contain untrusted code comments or documentation.
  • Ingestion points: The output of git diff main...HEAD is passed to a sub-agent in SKILL.md.
  • Boundary markers: Absent; the git diff is interpolated directly into the prompt without explicit delimiters.
  • Capability inventory: The main agent maintains capabilities to modify the filesystem (Edit, Write) and execute shell commands (Bash via npm).
  • Sanitization: No explicit filtering or sanitization of the diff content is performed.
  • Mitigation: The risk is significantly reduced because the skill explicitly disables dangerous tools (Bash, Edit, Write) for the sub-agent that first processes the untrusted data, and the main agent is instructed to manually triage findings before acting.
Audit Metadata
Risk Level
SAFE
Analyzed
Jul 7, 2026, 12:53 AM
Security Audit — agent-trust-hub — claude-review-loop