review
Pass
Audited by Gen Agent Trust Hub on Mar 6, 2026
Risk Level: SAFE
COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill executes local git commands (git diff, git diff --cached) and advises running quality checks like linters and test suites, which triggers the execution of project-specific binaries and scripts.
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because its primary function is to process untrusted data in the form of code changes and documentation.
  - Ingestion points: The agent reads output from git commands, the full content of modified files, and various documentation files (e.g., docs/code-standard.md, docs/architecture.md).
  - Boundary markers: There are no explicit delimiters or instructions to treat the analyzed code solely as data, which may allow embedded instructions in the code to be executed by the LLM.
  - Capability inventory: The skill can execute git commands, potentially run test suites, and produce a final approval verdict and structured report.
  - Sanitization: The skill does not include any steps to sanitize or filter the content of the files before they are processed by the agent.
Audit Metadata