code-review
Pass
Audited by Gen Agent Trust Hub on Feb 27, 2026
Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill executes local git commands, including
git logandgit diff, to identify changes on the current branch. These are read-only operations necessary for the skill's primary function and do not pose a privilege escalation risk. - [PROMPT_INJECTION]: The skill has an attack surface for indirect prompt injection because it processes code content from a repository which may contain untrusted data.
- Ingestion points: Untrusted data is ingested from the repository via the
git diffcommand in SKILL.md. - Boundary markers: The workflow does not explicitly define delimiters or instructions to ignore embedded commands within the diff content.
- Capability inventory: The skill has the capability to execute shell commands (
git) and spawn/manage multiple sub-agents. - Sanitization: There is no evidence of sanitization or filtering of the code content before it is passed to the reviewers.
Audit Metadata