why-review
Pass
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: LOWCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- COMMAND_EXECUTION (LOW): The skill runs 'git diff' commands locally to identify code changes. These are standard local operations for repository auditing.
- PROMPT_INJECTION (LOW): Category 8: Indirect Prompt Injection Surface. The skill ingests untrusted data from git diffs and the 'docs/adr/' directory. Malicious instructions embedded in commit messages or code comments could potentially influence the agent's audit result.
- Ingestion points: Output from 'git diff' and files located in 'docs/adr/'.
- Boundary markers: Absent. The agent processes raw content without specific delimiters.
- Capability inventory: Limited to analysis and generating reports; the skill does not specify file-write or network capabilities.
- Sanitization: None. The skill does not filter or sanitize the input data before processing.
Audit Metadata