review
Pass
Audited by Gen Agent Trust Hub on Mar 22, 2026
Risk Level: SAFE
PROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill possesses an indirect prompt injection surface because it ingests and processes untrusted data from external source code diffs and files. Malicious instructions embedded in the reviewed code could attempt to override the agent's behavior.
- Ingestion points: The skill retrieves external code content using git diff, git show, and file system reads as described in SKILL.md.
- Boundary markers: There are no explicit delimiters or markers defined to separate the ingested untrusted code from the agent's instructions.
- Capability inventory: The skill is strictly limited to read-only Git operations and file system access; it lacks the capability to modify files or perform network operations.
- Sanitization: No explicit sanitization, escaping, or filtering of the ingested code content is performed before analysis.
- Mitigation: The risk of obedience to injected instructions is mitigated by strong 'analysis-only' rules and a mandatory manual decision gate that prevents automated execution of fixes.
Audit Metadata