vscode
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE COMMAND_EXECUTION PROMPT_INJECTION
Full Analysis
- Command Execution (SAFE): The skill utilizes standard local commands (git, code) for their primary purpose of viewing code differences. No risky flags or network operations are included.
- Indirect Prompt Injection (LOW): Detected an attack surface where untrusted data could be interpolated into shell commands.
  1. Ingestion points: File path arguments in bash snippets.
  2. Boundary markers: Absent.
  3. Capability inventory: git show, code -d, git log.
  4. Sanitization: Absent.
Audit Metadata