interactive-diff-review
Pass
Audited by Gen Agent Trust Hub on Mar 4, 2026
Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill executes git commands to retrieve repository history, resolve diffs, and perform commits. Evidence: The
scripts/resolve_diff.pyscript usessubprocess.runto callgit logandgit diffwith user-provided arguments. TheSKILL.mdorchestrates the execution ofgit add -Aandgit commitas part of its automated workflow.\n- [PROMPT_INJECTION]: The skill presents an indirect prompt injection vulnerability surface by processing external data (git diffs) that may contain malicious instructions designed to influence the agent's analysis. \n - Ingestion points: Raw git diff strings are fetched by
resolve_diff.pyand parsed into hunks for the agent to review.\n - Boundary markers: The
references/review-format.mdinstructions dictate that the diff content should be displayed within markdown code blocks usingdiffsyntax highlighting to separate it from instructions.\n - Capability inventory: The skill has the ability to modify project source code using the
Edittool (via the--applycommand) and to execute commits to the repository (via the--commitcommand).\n - Sanitization: The skill does not implement any sanitization or filtering of the diff content to prevent the agent from interpreting embedded instructions as legitimate commands.
Audit Metadata