Review staged git changes for LGPD compliance, prompt injection risk, PII leakage, secrets, and trust boundaries before committing. Delegates to the security-privacy-reviewer sub-agent.
Delegate to the security-privacy-reviewer sub-agent with a focused review of the current staged diff.
Collect the staged diff and file list:

```bash
git diff --cached --stat
git diff --cached
```
If the diff is empty, report "No staged changes to review." and stop.
Spawn the security-privacy-reviewer sub-agent via the Agent tool with a prompt that includes:

- the `git diff --cached --stat` file list
- the `git diff --cached` output (trimmed if > 1500 lines)

Example prompt skeleton:

```text
You are reviewing the following staged changes for AegisNode before commit. Focus on LGPD compliance, prompt injection risk, PII leakage, and secrets. Return your review in the standard format defined in your agent definition.

Files changed: <git diff --cached --stat output>

Full diff: <git diff --cached output>
```
Surface the review verdict to the user verbatim. Do NOT rewrite or summarize the blocker list — the user needs to see the exact file:line callouts.
- src/aegis/llm.py (prompt injection surface)
- data/synthea/ or data/guidelines/ (patient data / guideline poisoning)
- src/aegis/config.py or .env*
- *.md with no secrets
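As an added example, not part of the AegisNode command file or the security-privacy-reviewer agent definition, the following bash script implements the collection steps above: it reads the staged diff, stops on an empty diff, trims the diff to 1500 lines, flags changed files that fall under the high-attention paths listed above, and assembles the prompt skeleton. The truncation marker text, the `[...]` risk labels, and the `--run` flag are this example's own choices; the path patterns come from the list above.

```bash
#!/usr/bin/env bash
# Added example (not the project's own code): build the reviewer prompt
# from the staged diff, with the empty-diff check and 1500-line trim.

MAX_DIFF_LINES=1500   # limit stated in the command description

# Return 0 when the staged diff text contains nothing but whitespace.
diff_is_empty() {
  [ -z "$(printf '%s' "$1" | tr -d '[:space:]')" ]
}

# Trim a diff to at most MAX_DIFF_LINES lines; append a marker so the
# reviewer knows it is looking at a partial diff rather than a short one.
trim_diff() {
  local diff="$1" total
  total=$(printf '%s\n' "$diff" | wc -l | tr -d ' ')
  if [ "$total" -gt "$MAX_DIFF_LINES" ]; then
    printf '%s\n' "$diff" | head -n "$MAX_DIFF_LINES"
    printf '[diff truncated: %s of %s lines shown]\n' "$MAX_DIFF_LINES" "$total"
  else
    printf '%s\n' "$diff"
  fi
}

# Mark files in the --stat output that touch the high-attention paths listed
# on this page so the reviewer sees them first. Labels are this example's.
flag_high_risk_paths() {
  printf '%s\n' "$1" | awk '
    /^ *src\/aegis\/llm\.py/                  { print "[prompt-injection surface] " $1; next }
    /^ *data\/(synthea|guidelines)\//         { print "[patient data / guideline poisoning] " $1; next }
    /^ *src\/aegis\/config\.py/ || /^ *\.env/ { print "[config / env file] " $1; next }
  '
}

# Assemble the prompt skeleton from the stat output and the full diff text.
build_prompt() {
  local stat="$1" diff="$2" flagged
  flagged=$(flag_high_risk_paths "$stat")
  printf '%s\n' \
    "You are reviewing the following staged changes for AegisNode before commit. Focus on LGPD compliance, prompt injection risk, PII leakage, and secrets. Return your review in the standard format defined in your agent definition." \
    "" \
    "High-attention paths touched:" \
    "${flagged:-(none)}" \
    "" \
    "Files changed:" \
    "$stat" \
    "" \
    "Full diff:" \
    "$(trim_diff "$diff")"
}

# Read the staged changes from git and print either the prompt or the
# "nothing to review" message.
review_staged() {
  local stat diff
  stat=$(git diff --cached --stat)
  diff=$(git diff --cached)
  if diff_is_empty "$diff"; then
    echo "No staged changes to review."
    return 0
  fi
  build_prompt "$stat" "$diff"
}

# Run against the current repository only when asked to, so the file can
# also be sourced for its functions.
if [ "${1:-}" = "--run" ]; then
  review_staged
fi
```

Run it from the repository root with `bash review_staged.sh --run` and paste the output into the Agent tool prompt; the truncation marker keeps the reviewer from mistaking a trimmed diff for a complete one.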