review

Pass

Audited by Gen Agent Trust Hub on Mar 10, 2026

Risk Level: SAFE
COMMAND_EXECUTION
Full Analysis
  • [SAFE]: No malicious patterns, prompt injections, or attempts to bypass safety filters were detected. The skill instructions are consistent with its described function as a code review tool.
  • [COMMAND_EXECUTION]: The skill uses the Bash tool to execute 'git diff'. This is a legitimate and necessary operation for the skill to identify and review recent code changes.
  • [DATA_EXPOSURE]: The skill uses the 'Read' tool to analyze source code. No evidence was found of attempts to access sensitive system files, environment variables, or hardcoded credentials.
  • [INDIRECT_PROMPT_INJECTION]: The skill processes untrusted data from 'git diff' output. While this presents a theoretical attack surface for indirect prompt injection, the skill's instructions are focused on analysis rather than automated execution of code found within the diff, and no specific exploits were found.
Audit Metadata
Risk Level: SAFE
Analyzed: Mar 10, 2026, 02:26 AM