Skills
skills/doodledood/codex-workflow/review-coverage/Gen Agent Trust Hub

review-coverage

Pass

Audited by Gen Agent Trust Hub on Feb 16, 2026

Risk Level: LOWCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION] (LOW): The skill executes git diff commands to identify changed files and content. This is a standard subprocess execution for development tools and is restricted to local Git operations.
  • [PROMPT_INJECTION] (LOW): The skill has an indirect prompt injection surface because it ingests and processes untrusted source code. Malicious instructions embedded in code comments could potentially influence the agent's behavior or reporting.
  • Ingestion points: Local source files and Git diff output (SKILL.md Step 2 & 3).
  • Boundary markers: The skill does not define specific delimiters or instructions to ignore embedded commands within the files it reviews.
  • Capability inventory: Limited to file reading and local read-only Git commands.
  • Sanitization: No sanitization or filtering of the ingested source code is performed.
Audit Metadata
Risk Level
LOW
Analyzed
Feb 16, 2026, 02:54 AM