differential-review

Pass

Audited by Gen Agent Trust Hub on Mar 10, 2026

Risk Level: SAFE
COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill uses the Bash tool to run git commands, grep, and find for repository analysis. These commands are used to identify code changes, analyze history, and calculate the blast radius of modifications.
  • [PROMPT_INJECTION]: The skill is subject to indirect prompt injection because it processes untrusted code changes from commits and pull requests.
      1. Ingestion points: Data enters the context via git diff and gh pr view output in SKILL.md and methodology.md.
      2. Boundary markers: The skill does not implement specific delimiters to isolate untrusted code content from agent instructions.
      3. Capability inventory: The agent has access to Bash for command execution and the Write tool for generating reports.
      4. Sanitization: There is no explicit logic to sanitize or escape data retrieved from git history before it is processed by the agent.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: Mar 10, 2026, 03:33 AM