denarrate
Pass
Audited by Gen Agent Trust Hub on Mar 10, 2026
Risk Level: SAFEPROMPT_INJECTIONCOMMAND_EXECUTION
Full Analysis
- [PROMPT_INJECTION]: The skill processes untrusted data from source code comments, which creates an indirect prompt injection surface.
- Ingestion points: Activation step 1 reads local files and git diff output.
- Boundary markers: Absent; there are no delimiters to isolate extracted comments from agent instructions.
- Capability inventory: Activation steps 1 and 6 allow for reading and editing local files.
- Sanitization: Absent; no validation or filtering is applied to the comment content before analysis.
- [COMMAND_EXECUTION]: The skill executes the command
git diff --stagedto identify files for processing. This is a functional requirement of the skill and is used in a standard way.
Audit Metadata