check
Pass
Audited by Gen Agent Trust Hub on Mar 6, 2026
Risk Level: SAFEPROMPT_INJECTIONCOMMAND_EXECUTION
Full Analysis
- [PROMPT_INJECTION]: The skill exhibits a vulnerability surface for indirect prompt injection as it processes untrusted data from the user's workspace without adequate isolation.
- Ingestion points: Git diff output is written to
/tmp/check-diff.patchand local check instructions are read from.continue/checks/*.md. Both files are then read by sub-agents. - Boundary markers: Absent. The sub-agent prompt template lacks strong delimiters or "ignore embedded instructions" warnings to separate the reviewed content (the diff) from the agent's task instructions.
- Capability inventory: The skill executes local shell commands (
git,tail,glob) and spawnsgeneral-purposesub-agents to perform analysis. - Sanitization: No sanitization, escaping, or validation is performed on the diff content before it is processed by the sub-agents.
- [COMMAND_EXECUTION]: The skill executes standard shell commands to gather repository context and process agent outputs.
- Evidence: Uses
git diff,git log, andtailto generate and read temporary files in/tmp. These commands are standard for the skill's stated purpose of running local checks.
Audit Metadata