review
Pass
Audited by Gen Agent Trust Hub on Feb 24, 2026
Risk Level: SAFEPROMPT_INJECTIONCOMMAND_EXECUTIONEXTERNAL_DOWNLOADS
Full Analysis
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it processes untrusted code changes retrieved via version control commands. Malicious instructions embedded in a code commit could potentially influence the agent's behavior during the review process.\n
- Ingestion points: Untrusted code diffs and file content retrieved using
git diff(referenced inSKILL.md).\n - Boundary markers: The skill does not implement delimiters or instructions to isolate the code content from the agent's operational logic.\n
- Capability inventory: The skill uses local CLI tools such as
git,npm,pnpm, andnpxto perform its tasks (referenced inSKILL.mdandchecks/dependencies.md).\n - Sanitization: There is no evidence of sanitization or escaping of the input diff data.\n- [COMMAND_EXECUTION]: The skill leverages standard development and auditing tools to perform its primary function of reviewing code.\n
- Evidence: Integration with
gitfor diffing,npm/pnpmfor dependency auditing, andnpxfor running analysis tools (found inSKILL.md,checks/dependencies.md, andchecks/git.md).\n- [EXTERNAL_DOWNLOADS]: The skill utilizesnpxto run established community tools for dependency and license auditing from the NPM registry.\n - Evidence: References to
npx depcheckandnpx license-checkerin thechecks/dependencies.mdfile.
Audit Metadata