review-quality
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- EXTERNAL_DOWNLOADS (LOW): The skill fetches external audit guidelines from a remote URL. Evidence:
curl -fsSL https://raw.githubusercontent.com/vercel-labs/web-interface-guidelines/main/command.mdinSKILL.md. Context: The source is a trusted GitHub organization (vercel-labs), which downgrades the finding severity per security protocols. - PROMPT_INJECTION (LOW): The skill has an indirect prompt injection surface because it processes untrusted user-provided data like code diffs and implementation descriptions. 1. Ingestion points: Git diff output,
{WHAT_WAS_IMPLEMENTED}placeholder, and{PLAN_REFERENCE}file content. 2. Boundary markers: No explicit delimiters or instructions to ignore embedded commands are present in the processing logic. 3. Capability inventory: The skill has access to local shell (git commands), network (curl), and the filesystem (writing reports torun_dir/). 4. Sanitization: None identified. - COMMAND_EXECUTION (SAFE): The skill executes standard git commands to determine the scope of changes. Evidence:
git diff,git rev-parse, andgit merge-baseare used strictly for repository metadata and diff analysis.
Audit Metadata