commit-security-scan

Pass

Audited by Gen Agent Trust Hub on Feb 20, 2026

Risk Level: SAFE, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION] (LOW): The skill instructs the agent to execute shell commands (git diff, git show, gh pr diff) to retrieve code changes. While these are essential for the skill's primary function, they involve interacting with the system's command line.
  • [PROMPT_INJECTION] (LOW): This skill is vulnerable to Indirect Prompt Injection (Category 8) as it ingests untrusted data from external sources (commits and pull requests).
      • Ingestion points: Step 2 in SKILL.md identifies that the agent reads output from gh pr diff and git diff, along with the full content of changed files.
      • Boundary markers: Absent. The instructions do not specify using delimiters or provide a system-level warning to the LLM to ignore instructions contained within the code diffs.
      • Capability inventory: The skill can execute shell commands (git, gh), write to the local file system (security-findings.json), and invoke other agent skills (threat-model-generation).
      • Sanitization: Absent. There is no mention of filtering or sanitizing the code content before it is processed by the LLM reasoning engine.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: Feb 20, 2026, 01:27 AM