slop
Fail
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: HIGH (COMMAND_EXECUTION, REMOTE_CODE_EXECUTION)
Full Analysis
- [Command Execution] (HIGH): The skill uses a shell command `git diff $1 --stat` where `$1` is a user-provided branch name. This is vulnerable to command injection if the branch name contains shell metacharacters (e.g., `;`, `&`, `|`).
- [Remote Code Execution] (HIGH): The skill instructs the agent to run `npm test` after modifying code. If the repository or branch being analyzed contains a malicious `test` script in `package.json`, the agent will execute arbitrary code with the user's privileges.
- [Indirect Prompt Injection] (HIGH): The skill processes external content (git diffs) and has the capability to write files and execute commands (`npm test`). An attacker could embed malicious instructions or code in a branch that, when processed by this skill, leads to unauthorized code execution or data modification.
- [Sanitization] (LOW): There is no evidence of input validation or sanitization for the branch name or the code being processed.
Recommendations
- AI detected serious security threats
Audit Metadata