review-and-simplify-changes
Pass
Audited by Gen Agent Trust Hub on Mar 29, 2026
Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill executes shell commands to interact with the repository and validate changes. This includes
git diffandgit diff --cachedto determine scope, as well as running 'targeted tests', 'typecheck', 'compile', or 'lint' commands during the validation phase in Step 5. - [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection (Category 8) because it ingests and processes untrusted data from the local repository that could contain instructions designed to manipulate the agent's behavior.
- Ingestion points: The skill reads git diff outputs and the contents of local files (including project documentation like
AGENTS.md) to perform its review. - Boundary markers: There are no explicit instructions or delimiters defined to help the agent distinguish between its own instructions and potentially malicious instructions embedded in the code comments or documentation it reviews.
- Capability inventory: The main agent has the capability to write to the filesystem ('apply fixes') and execute arbitrary shell commands (tests, compilers, linters) defined by the project's environment.
- Sanitization: The skill does not perform any sanitization or filtering of the code or diff content before passing it to sub-agents for analysis.
Audit Metadata