commit-pr-contract
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE
Full Analysis
- SAFE (SAFE): No security issues detected. The skill is entirely composed of natural language instructions and formatting rules.
- Indirect Prompt Injection (SAFE): While the skill is designed to process untrusted data (code diffs and change descriptions), it lacks any exploitable capabilities to perform actions beyond text generation.
- Ingestion points: The skill ingests user-provided code diffs and change descriptions in the SKILL.md workflow.
- Boundary markers: No specific delimiters are defined to isolate untrusted code diffs from instructions.
- Capability inventory: None. The skill does not use any tools, file-system operations, or network calls.
- Sanitization: No explicit sanitization or instruction-ignoring logic is present for the input data.
Audit Metadata