Skills
skills/ichuan/skills/pre-commit-review/Gen Agent Trust Hub

pre-commit-review

Pass

Audited by Gen Agent Trust Hub on Mar 29, 2026

Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill utilizes local git commands (git status, git diff, git log) to retrieve code changes and repository history for analysis. These operations are appropriate for the skill's intended purpose of code review.
  • [PROMPT_INJECTION]: The skill is designed to ingest untrusted data in the form of git diff outputs, which introduces a surface for indirect prompt injection.
    • Ingestion points: git diff and git diff --cached output in SKILL.md.
    • Boundary markers: Absent; the instructions do not include specific delimiters or 'ignore' instructions for the ingested code diffs.
    • Capability inventory: The skill has the capability to execute shell commands (git).
    • Sanitization: Absent; there is no evidence of escaping or validation of the code content before it is processed by the agent.
  • [SAFE]: The skill includes comprehensive security checklists in references/review-checklist.md to identify risks like hardcoded credentials and SQL injection in the code being reviewed, demonstrating a security-focused design.
Audit Metadata
Risk Level
SAFE
Analyzed
Mar 29, 2026, 03:31 AM