summarize-changes
Pass
Audited by Gen Agent Trust Hub on Feb 23, 2026
Risk Level: SAFE
Full Analysis
- Indirect Prompt Injection (LOW): The skill processes untrusted external data which could contain instructions intended to manipulate the agent's output.
- Ingestion points: Data enters the agent context through
git diff,git status, andgh pr diffas specified in the Scope Modes and Workflow sections. - Boundary markers: The skill does not define specific delimiters or instructions to ignore natural language instructions found within the diff/code content.
- Capability inventory: The skill is limited to read operations using
gitandghCLI tools; it lacks write permissions, network exfiltration commands, or dynamic execution (eval/exec) capabilities. - Sanitization: No evidence of content filtering or sanitization of the retrieved diffs before they are passed to the LLM for summarization.
- Command Execution (SAFE): The use of
gitand GitHub CLI (gh) is standard and necessary for the stated functionality of a change summarization tool. No high-risk command patterns (e.g., piping to shell, sudo) were detected.
Audit Metadata