code-review
Pass
Audited by Gen Agent Trust Hub on Mar 6, 2026
Risk Level: SAFE
COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill accepts user-provided arguments and passes them directly to shell tools without sanitization. In Step 1, user arguments are used directly in `git diff`. This allows potential command injection via shell metacharacters if the underlying tool execution is not properly isolated.
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection as it reads and processes the full content of untrusted repository files.
  - Ingestion points: Step 2 uses `Read` and `Grep` on files in the repository.
  - Boundary markers: The skill does not use delimiters or explicit instructions to ignore commands found within the analyzed source code.
  - Capability inventory: The agent has access to `Bash(git)`, `Read`, `Grep`, and `Glob`.
  - Sanitization: No sanitization is performed on file contents to prevent embedded instructions from influencing the LLM's logic or output.
Audit Metadata