watzup
Pass
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: LOWPROMPT_INJECTION
Full Analysis
- [Indirect Prompt Injection] (LOW): The skill is designed to ingest and process untrusted external data from a git repository's history and current state.
- Ingestion points: The skill reads branch content and commit history ("Review my current branch and the most recent commits").
- Boundary markers: Absent. The instructions do not specify delimiters for the git data or provide warnings to the agent to ignore instructions embedded within the commits.
- Capability inventory: Reasoning and task planning. The skill's output ("detailed summary", "Analyze the overall impact", and task planning notes) influences the agent's internal state and future actions.
- Sanitization: Absent. The content of the repository is processed without filtering, which could allow an attacker to embed instructions in a commit message that the agent might mistakenly follow as part of its 'review' or 'planning' phase.
Audit Metadata