branch-quiz
Pass
Audited by Gen Agent Trust Hub on Feb 18, 2026
Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION] (LOW): The skill executes
git diff main...HEADto retrieve code changes from the current branch. This is a standard and expected operation given the skill's purpose of quizzing users on code diffs. - [PROMPT_INJECTION] (LOW): The skill is vulnerable to Indirect Prompt Injection (Category 8) because it processes untrusted source code without sanitization. Evidence Chain: 1. Ingestion points: The agent reads the output of
git diffand the contents of every changed file (as specified in SKILL.md Step 2). 2. Boundary markers: Absent; there are no instructions to use delimiters or ignore instructions embedded within the code diffs. 3. Capability inventory: The skill can executegitcommands and interact with the user viaAskUserQuestion. 4. Sanitization: Absent; the skill does not mention filtering or escaping strings from the source code that might contain malicious instructions for the AI.
Audit Metadata