The skill is vulnerable to prompt injection
Claims to do
Review Loop: Iterative code review with isolated subagents. Loops until clean.
Actually does
This skill orchestrates an iterative code review process. It uses `git diff --stat` to determine the scope of changes, then dispatches multiple isolated subagents (reviewers, verifiers, fixers) via the Agent tool to identify, verify, and fix code issues. After fixes are applied it performs parallel dual-path re-reviews, and it loops until no critical or important issues remain or a maximum number of rounds is reached.
The skill's core functionality is dispatching multiple subagents (reviewers, verifiers, fixers) with dynamically constructed prompts. If the inputs used to build these prompts (e.g., the diff range, description, issue details, and fix suggestions) are not properly sanitized, an attacker could inject instructions into the subagents' prompts, hijacking their goals or causing them to take arbitrary actions.
For each reviewer, fill `reviewer-prompt.md` template and dispatch via Agent tool
The skill executes `git` commands (e.g., `git diff --stat`) and allows fixer subagents to 'commit their fixes'. If an attacker can control parameters such as `BASE_SHA` or `HEAD_SHA`, or the content of the 'fix suggestions', they could inject arbitrary commands or malicious code into the repository.
Assess change scope with `git diff --stat`
The iterative nature of the review loop, with multiple rounds, detailed summaries, and explicit pauses for user intervention, invites human approval fatigue. Over time, especially when the process is lengthy or frequent, users may become desensitized to warnings and approve actions without reviewing them thoroughly.
Report round summary to user
Mondoo Skill Check: https://mondoo.com/ai-agent-security/skills/github/winrey/claude-code-toolkit/review-loop