staged-changes-review

Pass

Audited by Gen Agent Trust Hub on Mar 10, 2026

Risk Level: SAFE
COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill utilizes tools like Bash, Grep, and Python to execute commands on the local repository. These operations are essential for its purpose of reviewing staged changes and detecting security patterns.
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection (Category 8) because it processes untrusted Git diff output and file contents.
    • Ingestion points: Untrusted data enters the agent context through git diff output (SKILL.md Steps 0, 2, 2.5), package.json (Step 0.5), and raw file contents (Step 3).
    • Boundary markers: Absent. The skill does not employ delimiters or specific instructions to prevent the agent from being influenced by instructions embedded in the analyzed code.
    • Capability inventory: The skill uses Bash, Read, Grep, and Glob tools across its workflow to interact with the file system and execute analysis commands.
    • Sanitization: Absent. Data from the repository is processed raw during the semantic review phase.
Audit Metadata
Risk Level: SAFE
Analyzed: Mar 10, 2026, 10:15 AM